July 5, 2005
Until a couple of years ago, financial institutions typically devised one easy-to-remember encryption key and installed it on all of their ATMs.
That's not the case anymore.
A mandate from VISA and MasterCard requiring unique master keys at every ATM has led FIs of all sizes to frequently produce new keys and organize a means for managing the effort.
Managing keys "is expensive and it takes a lot of time," he added. "Basically, you have gone from something that was a non-job to something that is a great deal of work."
Time and money
Whether they use older machines that require two technicians to manually insert new keys at each location or newer ones that support remote key software, FIs are investing time and money into coordinating and managing the upgrade.
Weingart said some FIs are doing key management on computers that handle the data in plain text. Furthermore, he said, some are not placing a high enough priority on physical security for computers used in the management process.
"Any place the key is handled in plain text really needs a host-security module," he said.
Jim Shaffer, a product manager at Omaha, Neb.-based ACI Worldwide, agreed.
"You could have the greatest cryptography, but if you don't protect the keys, it is useless," he said.
Drew Foley, the director of electronic services for LynxGate Solutions, a Moorpark, Calif., ATM management firm, said FIs are starting to realize the importance of physical security for key management.
"Controls over key management at FIs have become more stringent as attacks have become more sophisticated," Foley said. "There is a higher level of awareness at both an executive level and an audit level to actual risks, as well as the need to anticipate and prepare for potential future risks."
A game of wait-and-see
Weingart said the move to create unique keys has followed a path similar to that of Triple DES, where many FIs are taking a wait-and-see approach.
He said his company has created a hardware security device - the KMS7000 - that can protect key-management systems for both manual and remote key changes.
Jason Anderson, product group manager for Excrypt (an ATM network security application) at Futurex, said interest in the hardware has increased as more FIs have delved into developing and managing unique keys.
"That product is getting a good deal of attention," he said. "We are seeing many companies start by looking for a simple way out, but once they get involved with it, they realize how complicated it can be and then they start looking for a better solution. They start to look for a real solution instead of just a Band-Aid."