Solution Summary
CSFi data encryption solutions are designed from the ground up to provide top-rated data security and encryption standards in a fully integrated and easy to implement form. Whether operating thousands or only a few ATMs, the secure transmission of transaction data is essential. Looming regional and global mandates require deployment of the most secure communications protocols available. Anything less will no longer be an option. Profitability and sustainability of transaction processing environments are dependent on successful implementation of mandated encryption protocols.
End-to-End SSL/TLS Encryption
An important aspect of payment security is securing communications between every system or device connected to SWITCHWARE® or EZswitch® . Using a holistic approach including Transport Layer Security (TLS), CSFi’s integrated communication encryption secures endpoint to endpoint communication and helps to ensure the high availability of systems…which financial institutions and customers both expect. Using TLS secures ATMs, POS devices and other systems such as EFT networks and authorizers by encrypting the transmission of sensitive data across network channels. Read more…
TR-31/X9.143 Key Blocks
TR-31 Key Block is a standard that establishes guidelines for the secure generation, distribution, and storage of cryptographic keys used in electronic payment systems. It is used to safeguard PCI-sensitive information and guarantee the confidentiality of users’ transactions. This standard has been widely adopted as an essential part of PCI security practices to combat unauthorized substitution, key replacement, or misuse by external agents. TR-31 Key Blocks protect DES, 3DES, and AES keys from unauthorized replacement, key replacement, or misuse by external influences. This method provides unique key protection, causing each key to contain exclusive information in the header, which allows for easy identification and distinction in a cryptographic system. This feature enables rapid detection of false keys aimed at fraudulently capturing confidential information. TR-31 is an interoperable format defined by the American National Standards Institute (ANSI). It allows for the safe exchange of cryptographic keys by including key attributes in the exchanged data, enabling secure interchange of symmetric keys.
Recent Update. The PCI Security Standards Council (SSC) is mandating key blocks as the structures for managing encrypted keys to ensure data is protected and used only as intended. ATMs need to comply with new EPP hardware and software requirements for TR-31 key blocks by January 1, 2025, to avoid losing vital transaction functionality.
RSA ATM Remote Key Loading
Remote Key Loading allows for the remote injection of the A-key (Terminal Master Key) and B-key (PIN Encryption Key). CSFi works with the ATM manufacturer to generate “Certificates” that are needed to validate the source of the key injection and ensure that it is permitted to update any of the stored keys on an ATM. Read More…
Derived Unique Key Per Tran (DUKPT)
Used primarily with Point-of-Sale (POS) devices, CSFi software can utilize a feature that cycles through series of different keys to provide an added layer of encryption. DUKPT allows the device and SWITCHWARE® to cooperatively use different sets of encryption keys for each transaction to prevent hackers from deciphering any of the encrypted values.
Contact CSFi for the rest of the story. Learn how CSFi maintains the leading edge in communications security and can cost efficiently promote the compliance of your enterprise, now and forever.