To connect to your wireless network, the payment terminal needs to know certain network properties, depending on your type of Wi-Fi network. For example, the terminal needs to know basic properties such as the channel, password, and name of the network as well as advanced properties such as certificates for server validation and client authentication.
The terminal obtains the network properties through a Wi-Fi profile, which is set up remotely. The terminal receives and loads the remote Wi-Fi profile as part of the terminal configuration.
Wi-Fi network and profile types
Our processor payment terminals support the following Wi-Fi networks:
| WPA type | Authentication | Cipher Suite | Encryption |
| WPA-Personal | PSK | TKIP | RC4 |
| WPA-Enterprise | EAP-PEAP, EAP-TLS | TKIP | RC4 |
| WPA2-Personal | PSK | CCMP/TKIP | AES |
| WPA2-Enterprise | EAP-PEAP,EAP-TLS | CCMP/TKIP | AES |
The network properties are supplied to the terminal in an SSID profile, which we refer to as the Wi-Fi profile. This can be a local profile or a remote profile.
Local Wi-Fi profile:
Is managed locally on the terminal.
Supports WPA Personal and WPA2 Personal networks. However, we recommend using a remote Wi-Fi profile.
Doesn't support WPA Enterprise and WPA2 Enterprise networks.
Remote Wi-Fi profile:Remote Wi-Fi profile :
Is managed centrally. This allows you to:
Configure Wi-Fi settings in one place instead of on each individual terminal.
Implement changes in one place instead of on each individual terminal, for example when the PSK password or an EAP-PEAP certificate expires.
Is mandatory for WPA Enterprise and WPA2 Enterprise networks.
Also supports WPA Personal and WPA2 Personal networks.
Remote Wi-Fi profile types
You can set up the following remote Wi-Fi profiles:
Enterprise EAP-PEAP: a profile for WPA-Enterprise and WPA2-Enterprise networks using EAP-PEAP authentication. This type of authentication uses only server-side certificates.
Enterprise EAP-TLS: a profile for WPA-Enterprise and WPA2-Enterprise networks using EAP-TLS authentication. This type of authentication uses both server-side and client-side certificates. The authentication server of the Wi-Fi network validates the certificate of the processor-supplied payment terminal, and the terminal as Wi-Fi client validates the certificate of the authentication server. This makes it the most secure wireless network, but you need to manage more certificates.
Because of the technical complexities, the option to create this type of profile is only available on demand. Contact your account manager.
Personal PSK: a profile for WPA-Personal and WPA2-Personal networks using PSK authentication.
The account level where you need to configure your remote Wi-Fi profile depends on the network infrastructure architecture and the account structure in the Customer Area. For example, if there is a store-specific Wi-Fi network and the account is structured with stores, configure the remote Wi-Fi profile at the store level.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article