bluefin PAX A80 - User Manual

This document outlines the implementation and usage of a PCI-Validated Point-to-Point-Encryption (P2PE) device, specifically the PAX A80 Standalone / Semi-Integrated terminal, in conjunction with Bluefin and Springbrook systems. The primary function of this device is to secure credit card transactions by encrypting data at the point of entry, thereby reducing PCI compliance scope for merchants.

Function Description

The core function of this device is to provide PCI-Validated P2PE for credit card transactions. When a credit card is swiped or keyed into the device, the data is immediately encrypted within the device itself. This encrypted data is then transmitted to Bluefin's offsite Hardware Security Module (HSM) for decryption. After decryption, the credit card data is "tokenized" into a unique code. This token can then be securely saved and used for subsequent transactions such as reissuing or refunding payments without exposing the original credit card data. This process ensures that sensitive credit card information never enters the merchant's network, effectively outsourcing data security to Bluefin and significantly reducing the merchant's PCI compliance burden. The device acts as a secure conduit for payment processing, safeguarding cardholder data from the moment of capture.

Usage Features

The device offers several user-friendly features for setup, activation, and daily operation.

Device Reception and Activation:

Upon receiving the device, users must follow a "Chain of Custody" protocol. This involves logging into the P2PE Manager, an online portal, using credentials provided by Bluefin. Within the P2PE Manager, users navigate to the "Shipments" tab to locate and "Receive" their device. This step requires verifying the device's serial number and the tamper label number, which are visible through the secure tamper-evident bag the device is shipped in. It is crucial not to open the tamper bag until after these numbers have been entered into the P2PE Manager. Users have the option to "Auto Activate" the device immediately upon receipt or to receive it into a "stored" state for later activation. If stored, the device can be activated by changing its "Device State" to "Activating" in the "Devices" tab of the P2PE Manager. The device will automatically transition to "Activated" once card processing begins.

Physical Assembly and Setup:

The device package includes the A80 terminal, a receipt paper roll, an AC power supply and adapter, and potentially a LAN/CAT 5 cable and phone cord. Before assembly, users must inspect the secure bag for any signs of tampering and verify the "No Tear" sticker on the device itself. The device requires constant power, as no battery is available for purchase; it must always be plugged in, ideally into a surge protector. Assembly involves attaching the AC adapter and plugging it into the device. If applicable, the LAN cable should be connected to the LAN port on the back of the device and to the modem.

Paper Roll Installation:

To install the receipt paper, users lift the paper lid, unwrap the paper roll, and insert it with the thermal side up to prevent jams. Approximately two inches of paper should be pulled out before closing the lid. The device uses paper rolls with a width of 58 mm and a diameter of 40 mm.

Terminal Configuration (Android Settings):

The device runs on an Android operating system, allowing for various configurations through the "Settings" app.

• Connecting with Ethernet: From the Android Settings, users can navigate to "Wireless & Networks," select "Ethernet," and enable it.
• Setting Static IP (Optional): Within "Ethernet Configuration," users can choose between DHCP or Static IP. If Static IP is selected, they will need to manually enter the IP Address, Subnet Mask, Gateway IP, and DNS IP.
• Setting Date & Time: This is a critical step for proper device function. Users access "Date & time" under "System" in Android Settings. It is important to first disable "Automatic date & time" and "Automatic time zone." Then, users can manually select their time zone, choose between 12-hour or 24-hour format, and set the date and time precisely.

BroadPOS Bluefin App Settings:

The primary application for processing payments is the "BroadPOS Bluefin App," accessible from the home screen.

• Password Protection: Users can password-protect specific transaction types (Credit, Debit, Auth, Post-Auth, Forced, Return, Void Sale, Void Post, Void Forced) by navigating to "Settings" > "Merchant Settings" > "Transaction Types" within the app. The default password for the Bluefin app is the current date in MM:DD:YYYY format.
• Sound Settings: Touch-sound volume and other audio preferences can be adjusted through the Android Settings under "Device" > "Sound & notification." This includes media and ring volume, ringtones, boot music, and keypad tones.
• Demo Mode: For training or testing purposes, a "Demo Mode" can be enabled or disabled under "Settings" > "Operation Settings" in the BroadPOS Bluefin App.
• Customer Receipt Settings: Users can toggle the printing of customer receipts and configure pre-printing options under "Settings" > "Operation Settings" > "Receipt Mode" and "Receipt Print" respectively.
• Receipt Header/Trailer: The text displayed at the top (header) and bottom (trailer) of receipts can be customized. This is done through "Settings" > "Other Settings" > "Edit Header" or "Edit Trailer." After making changes, the terminal must be restarted for the new text to appear.

Maintenance Features

While the document focuses more on setup and usage, some aspects touch upon maintenance implicitly.

• Tamper Detection: The device is shipped in a tamper-evident bag with a numbered seal, and the device itself has a "No Tear" sticker. Users are instructed to inspect these for any signs of tampering upon receipt. If tampering is suspected, specific steps for a "Tampered Device" (though not detailed in this excerpt) would need to be followed. This proactive check is a crucial maintenance step to ensure the integrity of the P2PE security.
• Software Updates: Although not explicitly detailed as a user-initiated maintenance task, the mention of "Device Health Check" URLs (t.paxstore.us) suggests that the device connects to a central server for monitoring and potentially for receiving software updates. Regular updates are a standard maintenance practice for security and functionality.
• Paper Roll Replacement: The guide provides clear instructions on how to replace the receipt paper roll, including the correct dimensions (58 mm width, 40 mm diameter) and insertion method (thermal side up). This is a routine operational maintenance task.
• Troubleshooting Network Connectivity: The document provides URLs for "Device Health Check" and "Transactions URL" (secure.payconex.net). While not a direct maintenance feature, these URLs are essential for troubleshooting network connectivity issues, which is a common maintenance activity for any networked device.
• Customer Support: The availability of Springbrook Customer Support (phone and email) serves as a key maintenance resource for merchants encountering issues with the device. This ensures that expert assistance is available for troubleshooting, repairs, or any other operational problems that may arise.

In summary, the device is designed for secure, efficient, and user-manageable payment processing, with clear instructions for initial setup, daily operations, and basic maintenance checks to uphold its security integrity.