PENC represents the payment encryption used during a RIS call to Kount. The acceptable values for PENC are KHASH or MASK, further defined in this document.
PENC represents the payment encryption used during a RIS call to Kount. The acceptable values for PENC are KHASH or MASK.
KHASH is a proprietary one-way irreversible hashing algorithm used to hash the card number before passing it to Kount. With KHASH you will benefit from cross-merchant linking of the payment token on the Kount network.
MASK can be used only if the BIN (first 6 of the card) and PLUS4 (last 4 of the card) are visible to the merchant. Sending MASK will allow the BIN information to be shown on the transaction details page and used within the rules engine. Since multiple cards can have the same BIN+4, masked values will be able to link to other transactions by the payment token.
RIS Payment Encryption Options
When using the Kount SDK all credit card information, by default, uses the KHASH encryption method where the credit card information is irreversibly hashed prior to transmission from the merchant to Kount.
IMPORTANT: When using the JAVA or .Net SDKs (due to the compiled nature of the languages) KHASH is the only option for payment encryption. JAVA or .Net environments must use a direct post (outside of the SDK) method if MASK encryption is chosen.
The following encryption options are available for merchants who do not use the SDK:
KHASH: Kount proprietary hash used to hash the credit card number before passing it to Kount. The hashing algorithm source code can be found in each one of the SDKs or can be requested from Kount.
Output: BIN=14 + alpha-numeric characters.
MASK: Ability to pass the first six and last four of a credit card filled in with XXXs.
PENC=MASK is only valid with PTYP=CARD; PENC=MASK
Output: BIN + 9 capital X characters + last four of credit card.
Note: The "X" characters must be capitalized. All examples are for the purpose of illustration. The PTOK should be the same length as the original credit card number.