payshield 9000 The hardware security module securing the world s payments

Similar documents
Maximize the use of your HSM 8000

esocket POS Integrated POS solution Knet

EMV THE DEFINITIVE GUIDE FOR US MERCHANTS AND POS RESELLERS

EMV: The Next Generation of Payments

SpanKey & SpanKey/SE

EMV Basics and the market

MITIGATE THE RISK OF FRAUD AND COMPLIANCE COSTS with EMV mandates. An NCR white paper

Thales e-security Thales e-security Lifecycle Support Policy

Job Profile Definition

X Infotech Banking. Software solutions for smart card issuance

Semi-Integrated EMV Payment Solution

SmartVista Modern Payment Solution on NonStop

Transaction Management & Payment Solutions

EMV is coming. Here s how to stay ahead of the trend. Presented by CO-OP Financial Services

HITACHI BIOMETRIC SOLUTIONS FOR RETAIL BANKING. Hitachi s digital security portfolio includes a comprehensive biometric solution for retail banking.

Agenda. What is EMV. Chip vs Mag Stripe. Benefits of EMV. Timeframes & Liability Shift. Costs. Things to consider. Questions

Card Payment acceptance at Common Use positions at airports


Target, the third largest retailer in the U.S., suffered a

EMV Terminology Guide

EMV: Strengthen Your Business Through Secure Payments

Testing Best Practices. Derek Ross ICC Solutions

Helping merchants automate testing practices.

Heartland Payment Systems

POWER OF AGILITY. M^DYNAMICS DynamicPOS DynamicATM DynamicSwitch

EMV Chip Cards. Table of Contents GENERAL BACKGROUND GENERAL FAQ FREQUENTLY ASKED QUESTIONS GENERAL BACKGROUND...1 GENERAL FAQ MERCHANT FAQ...

Proxama PIN Manager. Bringing PIN handling into the 21 st Century

EMV Adoption. What does this mean to your ATMs?

EMV Implementation Guide

Retail Payments Strategy Overview

Is Your Organization Ready for the EMV Challenge?

EMV: Frequently Asked Questions for Merchants

EMV for Merchants and Merchant Acquirers: U.S. Migration Considerations. Smart Card Alliance Webinar October 6, 2011

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION

MODERNISING YOUR CARD PROCESSING: OVERCOMING THE CHALLENGES

EMV and Educational Institutions:

Canadian EMV Chip Migration. Ron Walsh BMO Bank of Montreal Miami, Florida, USA October 11, 2005

EMV FAQ S FROM A MERCHANT S PERSPECTIVE

TransKrypt Security Server

e-id Card Solutions End-to-End Solutions for Citizen ID Applications

ECSG (Vol Ref. 8.A01.00) SEPA CARDS STANDARDISATION (SCS) VOLUME. Payments and Cash Withdrawals with Cards in SEPA

10+ M EFTPOS TERMINALS M Software Solution TransLink.iQ OPERATIONS PER MONTH WITHIN OUTSOURCING PROJECTS

FEIG Electronics cvend Pays Off with Performance, Security for Contactless Fare Collection Systems

EMV in the U.S. Liability shift; what does this mean for the U.S.?

Personalization Solutions for the Real World

Finding the Best Route for EMV in the US


Visa Minimum U.S. Online Only Terminal Configuration

Collis/B2 EMV & Contactless Offering

EMV Validation (on-behalf of) Service

MAKE WAY FOR THE EMV CREDIT CARD. What You Need to Know for a Smarter POS Strategy.

Scalable UNIX Transaction Processing Engine

BANKWORLD POS. Today s solution for tomorrow s self-service bank BANKWORLD BANK ON THE FUTURE WITH TODAY S TECHNOLOGY CR2.COM

Financial Services. EMV is on the way: are you prepared? Advisory

SmartVista i: payments processing on IBM System i platform

Merchant Considerations for U.S. Chip Migration. EMV Migration Forum/National Retail Federation September 2014

EMV: Facts at a Glance

EMV: GET READY. Michelle Thornton, CO-OP Financial Services

OTI Brings Diverse Cashless Payment Solutions to Worldwide Merchants

Protecting Your Future

WHITE PAPER. Focus on value added services by network companies a paradigm shift. Rahul Kaushal, Ramakant Mittal

E M V O V E R V I E W. July 2014

KONA Software Lab Ltd. (KONA SL) October 10, 2017

White Paper. EMV Key Management Explained

EMV A Chip Off the New Block

ECSG SEPA CARDS STANDARDISATION (SCS) VOLUME STANDARDS REQUIREMENTS

PIN Issuance & Management

THE ADOPTION OF EMV TECHNOLOGY IN THE U.S. By Guy Berg Global Industry Sales Consultant Datacard Group

Merchant Considerations for U.S. Chip Migration. EMV Migration Forum/National Retail Federation September 2014

FTFS. Fault Tolerant Financial Systems

PayPass M/Chip Requirements. 3 July 2013

Notice to Government End Users DoD contract: Civilian agency contract:

Let s Talk about EMV. getnationwide.com

Cashless 3.0. Partner Program Overview. TAS Group 2017

Cashless 3.0. Partner Program Overview. TAS Group 2017

Stock Taking Exercise & Implementation plan Progress Report

See

ATM Webinar Questions and Answers May, 2014

TAS CASHLESS 3.0 FOCUS ON. The absolute framework for electronic payment management. CASHLESS 3.0: the ultimate. payment experience

Ignite Payment s Program on EMV

Payment Card Industry Compliance. May 12, 2011

Cloning Credit Cards: A combined pre-play and downgrade attack on EMV Contactless

TAS FOCUS ON. The absolute framework for electronic payment management. cashless 3.0: the ultimate. payment experience IN THIS DOCUMENT

A Guide to. US EMV Migration

Processing IP-Based, Electronic, Payment Card Transactions

EMVCo: Operating Principles

Company Introduction. Electronic Trade Solutions Ltd

The Small Business Guide to Mastering EMV

White Paper: Reducing Certification Cycles for Chip EMV Application

Getting Out of PA-DSS Scope and Eliminating the High Cost of EMV: What you need to know

I N T E R A C. The Faster, More Convenient Way. Small Value Purchases

Empowering Merchants through Adoption of Global Standards

PRIME SM. A Next-Generation Solution for the World of Global Payments. Flexible Deployment Model. Reduce Cost of Ownership

Introduction to EMV BEYOND PAYMENT

EMV 101. EMV Migration Forum Webinar March 6, 2014

E-Debit International Inc. Introduction to Transaction Processing. Basic Overview of our Payment & Processing Systems 08/13

EMV Beyond October 1, Kristi Kuehn VP, Compliance Heartland

Covering Your Bases: The State of EMV & Beyond

EMV Frequently Asked Questions for Merchants May, 2015

!!! Thales Partner Program Teamwork, Commitment, Success!

Transcription:

> payshield 9000 The hardware security module securing the world s payments www.thalesgroup.com/iss

Information Systems Security

Information Systems Security payshield 9000 Table of Contents Introduction 4 Thales Hardware Security Module 5 Overview of Cryptographic Services 5 Typical HSM applications 6 ATM interchange 6 EFTPOS 6 Card issuing 6 Transaction processing 7 Data security 7 payshield 9000 features 7 Performance options 7 Flexible key management system 7 RSA public key support 8 Remote management 8 ATM remote key loading 8 Security certification 9 Secure key storage and generation 9 Extensive host system support 9 Security Resource Managers 9 About Thales 11 3

Introduction Hardware Security Module As an organisation in the payment card industry, you face the challenges of supporting increases in transaction volumes, replacing magnetic stripe cards with contact and/or contactless smart cards, securing remote delivery channels such as mobile or internet while still needing to differentiate your services for competitive advantage. The constant need to defeat new security threats is a major consideration in your IT investment year-on-year. In addition to the increasing burden of regulation, your solutions must incorporate cryptographic security that meets the latest payment card industry (PCI) mandates and is able to grow and adapt to support your emerging needs. The payshield 9000, the latest hardware security module (HSM) from Thales, meets these challenges. Its software options address the needs of card issuers, merchant acquirers, switches, third party payment processors, card schemes and ATM network providers. The core security component of the payshield 9000, which delivers the critical security functionality, is designed to exceed the requirements of FIPS 140-2 Level 3 - the most widely adopted certification standard for cryptographic modules which is mandated by the card schemes. The payshield 9000 is fully backward compatible with the HSM 8000 and RG7000 ranges which it succeeds. Designed specifically as a tamper-resistant peripheral, the payshield 9000 connects to the host system without the need for host client software. It provides the full range of cryptographic facilities necessary for issuing payment cards and securing credit and debit card transactions in financial networks. As a dedicated payment HSM, it is used to secure a wide range of financial infrastructures around the world including Automated Teller Machine (ATM) and point-of-sales (POS) networks, inter-bank funds transfer systems and share dealing systems. The software functionality enables it to support the latest types of remote delivery channel (such as mobile and internet) both in terms of transaction security and user authentication/data security protection if required. It is available in various performance variants (to match individual user needs) with a wide range of connectivity options and protocols allowing connection to all types of host systems. 4

Information Systems Security > > Thales Hardware Security Modules are: Involved in securing over 70% of the world's payment card transactions Deployed by leading card schemes and payment processors for a variety of key management, payment switching and authorisation purposes Capable of being fully managed remotely from the data centre Proven in delivering strong security for ATM, POS, corporate banking, card issuing, funds transfer and share trading systems Easy to customise for individual user applications Designed to support a wide range of host interface connectivity options Available in various performance variants to match user transaction processing requirements Upgradeable in terms of functionality through secure auditable software license downloads Integrated with all major payment applications provided by leading vendors Independently certified to the most rigorous global and national security standards Overview of Cryptographic Services Visa/MasterCard/American Express PIN and Card Verification Functions, EMV 3.x and EMV 4.x transaction processing and secure messaging (including PIN Change), Remote Key Loading for NCR, Diebold and Wincor-Nixdorf ATMs, Fully compliant with 3 key Triple DES standards for all relevant functions including PIN block processing, Triple-DES DUKPT, APACS, and AS2805 transaction key schemes, RSA key generation, signing and verification, ANSI X9.24 Part 1 and X9 TR-31 for enhanced key management using key blocks. 5

> Typical HSM applications ATM interchange payshield 9000 is designed for the ATM interchange environment and can be customized to suit individual networks and, if needed, the particular requirements of each member of the network. The wide variety of host interface options and PIN management commands available in the payshield 9000 family means that the specific needs of each member's system can be readily accommodated. In particular, specific functions designed around AMEX, Visa and MasterCard processing requirements are an integral part of the core software packages. EFTPOS Thales payment HSMs support a large number of Electronic Funds Transfer at Point of Sale (EFTPOS) systems in use around the world. Many of the key management concepts required to secure EFTPOS, such as the Racal Transaction Key scheme, were pioneered by Thales and implemented in RG7000 and HSM 8000 product families and now have been migrated to the payshield 9000. Single and Triple-DES versions of the Derived Unique Key per Transaction, APACS, and AS2805 transaction key schemes are also available. Card issuing A range of software modules available in the payshield 9000 make it a secure, highly reliable component for use within a card production area for both magnetic stripe and chip-based cards. It has proven integration with leading card management systems worldwide. Providing a secure means of generating cryptographic card values such as Visa s CVV (Card Verification Value), MasterCard's CVC (Card Verification Code) and American Express CSC (Card Security Code), it can also be used for secure PIN block and PIN mailer generation. The full range of EMV data preparation options for all major contact and contactless applications are available for use directly by the issuer host system. 6

Information Systems Security Transaction processing PayShield 9000 supports the transaction processing requirements of the full range of credit and debit card applications from the major card schemes, namely American Express (AMEX), JCB, MasterCard and Visa. The difference in requirements between magnetic stripe, contact chip and contactless chip cards are fully implemented. The core payshield 9000 transaction processing software provides transaction processing commands for EMV 3.x and EMV 4.x based systems for issuers and acquirers supporting EMV chip cards. Data security The integrity of information transmitted around and stored within systems is of paramount importance to its users. Normally information generated at remote terminals will be secured using Message Authentication Codes (MACs). payshield 9000 supports a wide range of MAC processing options to suit individual user needs together with encryption/decryption commands where privacy is required. Many Thales HSM customers have already taken advantage of these facilities to assist with their PCI DSS compliance. > payshield 9000 features Performance Options As the banking and financial industries continue to move toward PIN-based and smart card security systems, the demand for higher transaction speeds has never been greater. In its highest speed variant, the payshield 9000 provides 1500 Triple-DES PIN Block translate functions per second (tps), significantly reducing transaction processing time and lowering the cost per transaction. For environments or applications where such high levels of performance is not essential, the option to deploy one of the other models in the payshield 9000 models (starting at 20 tps) allows you choose the most cost-effective model for your particular system. Flexible key management system In practice, the security offered by any application is only as good as the key management system designed for it. payshield 9000 supports a variety of key management schemes, including Master/ Session Key, APACS/Racal Transaction Key, AS2805, DUKPT and Public Key. There is also full support for the variant LMK scheme in addition to the key block scheme (based on ANSI X9.24 and X9 TR-31) in both standard and custom software to enable customers to use security best practices and eliminate know weaknesses with legacy standards such as ANSI X9.17. 7

RSA Public Key Support payshield 9000 offers a high-speed public key subsystem. RSA Public Key cryptography is used for two primary functions: To generate and verify digital signatures, To distribute DES keys encrypted under an RSA Public Key. payshield 9000 supports RSA key lengths from 320 to 4096 bits in steps of 16 bits. This feature allows payshield 9000 to be used in systems where different key lengths are used for different functions, such as digital signatures and key management. In addition, it protects an organisation s technology investment, as the industry is expected to increase key length requirements to keep ahead of increased threats. Remote Management The deployment of the Thales Remote HSM Manager solution provides a significant reduction in operating costs by offering a modern, secure way to manage both HSM 8000 and payshield 9000 devices remote from the data centre. An intuitive, faster to use user interface, providing greater flexibility enables easy integration into the existing organisational structure with minimal training overheads. ATM remote key loading RSA based functions are provided to support remote key loading for NCR, Diebold and Wincor-Nixdorf ATMs. This enables the initialisation of ATM master keys to be automated, providing significant cost savings. 8

Information Systems Security Security certification payshield 9000 uses the Thales Secure Processing Platform (TSPP) for the management and processing of all cryptographic keys, PINs and other sensitive data. This subsystem is designed to exceed the requirements of FIPS 140-2 Level 3. Like its predecessor, the HSM 8000, the payshield 9000 is undergoing certification under the MEPS accreditation scheme, required to secure transactions on French banking neworks and under the APCA scheme for the Australian market. payshield 9000 is a product designed to meet the Payment Card Industry (PCI) HSM standard, exceeding the mandatory security requirements of today s financial networks and keeping transactions secure now and in the future. Secure key storage and generation Once the Local Master Key (LMK) has been formed within the payshield 9000, all other keys are stored encrypted under this key on the host and optionally within the HSM itself. payshield 9000 uses Smart Card technology to back up the key components of the LMK. Extensive host system support payshield 9000 is integrated with applications supplied by all the leading financial industry solution providers. A range of communications protocols are supported. The standard payshield 9000 supports TCP/IP and UDP (through an auto-sensing 10/100/1000 BaseT Ethernet interface) and Asynchronous connections. Security Resource Managers The Security Resource Managers (SRMs) are optional software products for z/os and OS/390, HP NonStop (Tandem Guardian), and IP-connected systems. The SRMs allow multiple applications to use a single Application Programming Interface (API) to access the cryptographic resource provided by a farm of payshield 9000 units. The SRM allows different Thales HSM models (RG7000, HSM 8000 and payshield 9000) to be used transparently to customer applications. In the event that any particular HSM is not available, the SRM automatically routes the request to another available device. 9

IBM version - operates under z/os or OS/390 and provides support for CICS, IMS, and Batch Applications. Support is also provided for assembly language programs as well as high level languages such as COBOL and PL/1. HP NonStop version - operates under the NSK (formerly Tandem Guardian) operating system as a Pathway application and accepts requests either via an application interface module or a server interface. It can also provide applications with a key database that can be managed either by the application or by a supplied key management user interface. 10

Information Systems Security > About Thales Thales is a leading international electronics and systems group, addressing defence, aerospace and security markets worldwide. Thales's leading-edge technology is supported by 22,000 R&D engineers who offer a capability unmatched in Europe to develop and deploy field-proven mission-critical information systems. To this end, the group's civil and military businesses develop in parallel and share a common base of technologies to serve a single objective: the security of people, property and nations. The group builds its growth on its unique multi-domestic strategy based on trusted partnerships with national customers and market players, while leveraging its global expertise to support local technology and industrial development. Thales employs 68,000 people in 50 countries with 2008 revenues of 12.7 billion. 11

Thales Security Solutions & Services Information Systems Security > Americas 2200 North Commerce Parkway Suite 200 Weston, Florida 33326 Tel.: +1 888 744 4976 or +1 954 888 6200 Fax: +1 954 888 6211 E-mail: sales@thalesesec.com > Asia Pacific Units 2205-06 22/F Vicwood Plaza 199 Des Voeux Road Central Hong Kong, PRC Tel.: +852 2815 8633 Fax: +852 2815 8141 E-mail: asia.sales@thales-esecurity.com > Europe, Middle East, Africa Meadow View House Long Crendon Aylesbury Buckinghamshire HP18 9EQ. UK Tel.: +44 (0)1844 201800 Fax: +44 (0)1844 208550 E-mail: emea.sales@thales-esecurity.com KISCO582A-102009A - Photos: istockphoto, Thales

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback