# Operation and Maintenance

### Periodic Inspection

The merchant or acquirer should inspect the appearance of secure card reader on a daily basis:

* Inspect the appearance of secure card reader to make sure it is the right product.
* Inspect whether the Swipe Path has an additional card reader or other inserted bugs, See Figure 4-1, below.
* Inspect whether the product appearance has been changed.
* Check if the firmware version is correct.
* After connecting the device to a USB-C power supply, it will power on, the LED indicator should illuminate green and remain powered on to indicate the device is in an idle state, ready for a transaction. Powering on the secure card reader will test hardware security and authenticity, and the integrity of the installed firmware.

<figure><img src="/files/fDzomptIVp4dVcxO7upz" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/NETG0810Nq5bKNaARkUs" alt=""><figcaption></figcaption></figure>

MSR Swipe Path: T*he swipe path is smooth. The only moving part is the spring-mounted read head that depresses into the device as the card’s magnetic stripe makes contact with the read head.*

<p align="center">Figure 4-1 - Card Swipe Path Example</p>

MagTek strongly recommends performing security inspections on a regular schedule. Additional information can be found in \[2]. If any problems are detected, stop using the device, set it aside in a secure location, and contact the manufacturer or your acquirer for further advice.

### Self-Test

iDynamo 5 Gen III performs self-tests at power-up and after reset. The device automatically resets and performs self-tests every 24 hours at the configured time of day. No manual intervention by the operator is required. Self-tests include:

* Checking the integrity and authenticity of the firmware and cryptographic keys.
* Checking security mechanisms for signs of tampering.

### Roles and Responsibilities <a href="#id-4.3_roles_and_responsibilities" id="id-4.3_roles_and_responsibilities"></a>

The secure card reader has no functionality that gives access to security-sensitive services based on roles. Such services are managed through dedicated tools, using cryptographic authentication.

### Passwords and Certificates <a href="#id-4.4_passwords_and_certificates" id="id-4.4_passwords_and_certificates"></a>

iDynamo 5 Gen III products ship from the factory fully secure. The devices have no security related default values (e.g., passwords/authentication codes/certificates) that require modification by the user to meet PCI security requirements.

### Tamper Response <a href="#id-4.5_tamper_response" id="id-4.5_tamper_response"></a>

If the device senses a physical or environmental attack, it erases all sensitive keys and will have limited functionality. While powered on, the SCR indicates it is in a tampered state by illuminating its only LED solid red, as seen in Figure 4-2 Tamper Response. If this occurs:

* Remove the device from service immediately.
* Store it securely for a possible forensics investigation.
* Contact the manufacturer for assistance. The device will likely need to be returned to the manufacturer for diagnosis and servicing.

<figure><img src="/files/PYCXwA9kHDWDcuhXqPT7" alt=""><figcaption></figcaption></figure>

<p align="center">Figure 4-2 Tamper Response</p>

### Patching and Updating

iDynamo 5 Gen III products support file-based updates of the device’s core firmware (main firmware) and authorized commands for updating sensitive configuration. For optimal device security, MagTek recommends the latest versions of firmware should always be installed.

Firmware updates are provided as files that have been signed by MagTek. The firmware files can be loaded locally through the USB-C interface by using update tools available from the MagTek web site. The device verifies each update is newer than the installed version, and cryptographically authenticates the file with RSA-2048 and SHA-256. If version checking or authentication fails, the device erases the update file and reports an error to the host.

### Decommissioning <a href="#id-4.7_decommissioning" id="id-4.7_decommissioning"></a>

Before iDynamo 5 Gen III products are permanently removed from service, all the keys and sensitive data must be erased. One way to accomplish this is by temporarily removing the back cover, which forces a tamper response.

If removal from service is only temporary, no action is required. All sensitive data will continue to be protected by the device’s physical and logical protection mechanisms.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developer.magtek.com/hardware/card-readers/magnetic-stripe-readers/idynamo-5-gen-iii/compliance-documentation/secure-card-reader-security-policy/operation-and-maintenance.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.