News

CASE STUDY: TDES upgrade brings added benefits for FI

The credit union for Anheuser-Busch employees took care of current and future needs with its move to compliance.

June 27, 2004

The following case study was sponsored by Thales e-Security

The Situation
Because of the pending deadlines for Triple DES, Anheuser-Busch Employees' Credit Union (ABECU) needed to develop an end-to-end system to achieve total Triple DES compliance from ATM to host.

The Challenge
ABECU needed a new transaction processing platform and Host Security Module (HSM) because its current platform did not support Triple DES. The migration to Triple DES presented ABECU, which drives its own ATMs, with the opportunity to evaluate its entire transaction processing environment.

A coordinated effort between the ATM vendor, Diebold; application vendor, Mosaic Software; and HSM vendor, Thales e-Security, was required.

The Response
Calvin Curdt, ABECU's vice president of information systems, said that ABECU replaced a few of its 39 ATMs, most of which are located at branches, and upgraded some others with faster processors and more memory to support Triple DES.

ABECU's ATM vendor, Diebold, has reseller agreements with both Mosaic Software and Thales e-Security. After consulting with Diebold, ABECU decided to use Mosaic's Postilion advanced transaction processing system and the Thales e-Security HSM 8000 to achieve Triple DES compliance.

"We figured we'd just jump in with both feet and upgrade the entire network," Curdt said, noting that the cost of the entire effort ran well into six figures.

The upgrade required a great deal of coordination between the vendors and lots of preparation before the actual installation began. "All of the parties involved did a lot of homework," said Chris Klein, Mosaic's vice president of marketing.

Doug Grote, Thales' business development manager, compared it to the effort that went on before Y2K. When it came time for the real world implementation, everything went fairly smoothly because the vendors spent so much time in test labs beforehand trying to address any potential problems.

The ABECU installation is one of about 20 that Diebold, Mosaic and Thales have completed as a team, Klein said. The entire effort generally takes 90 to 120 days.

The Results

Colette Broadway, Thales' technical project manager, said Thales' previous generation HSM, the 7000 series, can be upgraded to support Triple DES with a firmware change. However, the HSM 8000, which was introduced in 2002, was "designed to support Triple DES from day one."

Another benefit of the Thales HSM, Broadway said, is that it supports a mixed environment, in which both DES and Triple DES encryption may be used. This will be important over the next few years, as both methods are expected to coexist as the entire industry migrates to Triple DES.

By switching to the HSM 8000, ABECU also gained the ability to support other needs such as changes in communications protocols and future methods of remote key distribution and management.

Thales is one of the vendors participating in the ANSI (American National Standards Institute) X9 committee that is currently creating standards for remote key distribution that will likely be adopted industry wide. Broadway said remote key distribution will be one of the key benefits for ATM deployers following Triple DES upgrades.

Currently, two people must visit ATMs and manually enter separate halves of key components. The ability to load keys remotely will remove the need for costly visits to the ATM and allow deployers to change the keys more frequently, which will improve PIN security.

Mosaic's Postilion platform also offered additional benefits beyond Triple DES compliance, including improved reporting and the capability to add advanced function transactions when ABECU is ready to do so.

Gaining benefits beyond Triple DES compliance "made the cost more palatable," said Curdt. "We think this will really help us with the ability to use our ATMs as marketing devices. We want to be able to recognize our members every time they swipe their cards at an ATM, so we can market appropriate products to them."

Mosaic's Klein believes that the migration to Triple DES will jumpstart many deployers' plans for advanced functionality at the ATM. "I think a lot of folks have been considering offering advanced functionality but have lacked a compelling business case to do so. It's easier to cost justify replacing your system if you have to do it for Triple DES anyway," he said.

To download a PDF version of this article, click here:
http://www.atmmarketplace.com/pdf/12527_CaseStudy_02.pdf