Shared Secret Keys

Owned by Handpoint Support
Last updated: 20 Jul, 2016
2 min read

 A Shared Secret is a string used to create a digital signature (referred to as a "hash") which is provided with every request to and from the system to ensure the integrity of the transaction data and to authenticate the sender as being the legitimate account holder.

It is known only to parties involved in a secured communication. In this case the card reader and the merchant share a secret key with Handpoint. It can be a password, a paraphrase, a long number or a string of randomly chosen characters (for example: HIJK, 23kjdvDFS, 5678, etc). It must be set up by you or a designated person after we create an account for you for the first time.Each merchant account has its own shared secret that is used to verify that the information transmitted along the path from the card reader to the processor remains secure and between the parties involved. It is known by both sides communicating, but is never actually sent, hence why it is called a secret. It is known only to you (the merchant) and other parties involved and approved by you (i.e. your developer or a member of staff).

 If you have multiple TIDs, then each terminal has its own Shared Secret.

 Handpoint uses 256-bit encryption 
each shared secret is unique to the merchant/partner account
Many things can go wrong when sensitive payment card information is transmitted from a customer to the processor.

 The shared secret challenge is used to reduce security breaches in situations such as:  

  •  An original card reader is replaced with a fake one so that thieves can collection card information or fake a high volume sale result for valuable goods
  •  A thief attempts to funnel card sales into the thieves' account instead of the merchant's
  •  A thief makes unauthorized refunds from the merchant account to the thieves' account
  •  An original card reader is accidentally configured for the wrong merchant

 

Copyright 2018 Handpoint