PENC represents the payment encryption used during a RIS call to Kount. The acceptable values for PENC are KHASH or MASK, further defined in this document.
PENC represents the payment encryption used during a RIS call to Kount. The acceptable values for PENC are KHASH or MASK.
KHASH is a proprietary one-way irreversible hashing algorithm used to hash the card number, the ACH number, or the PayPal Payer ID before passing it to Kount. With KHASH you will benefit from cross-merchant linking of the payment token on the Kount network.
MASK can be used only if the BIN (first 6 of the card) and PLUS4 (last 4 of the card) are visible to the merchant. Sending MASK will allow the BIN information to be shown on the transaction details page and used within the rules engine. Since multiple cards can have the same BIN+4, masked values will be able to link to other transactions by the payment token.
RIS Payment Encryption Options
When using the Kount SDK all credit card information, by default, uses the KHASH encryption method where the credit card information is irreversibly hashed prior to transmission from the merchant to Kount.
The following encryption options are available for merchants who do not use the SDK:
Option 1
KHASH: Kount proprietary hash used to hash the credit card number before passing it to Kount. The hashing algorithm source code can be found in each one of the SDKs or can be requested from Kount.
PTYP=CARD; PENC=KHASH
Output: BIN=14 + alpha-numeric characters.
Example: 123456A123C34E56G7DFG
Option 2
MASK: Ability to pass the first six and last four of a credit card filled in with XXXs.
PENC=MASK is only valid with PTYP=CARD; PENC=MASK
Output: BIN + 9 capital X characters + last four of credit card.
Example: 123456XXXXXXXXXX7890