June 29, 2004
Trying to improve PIN security, EFT networks require their members to use a unique encryption key for each ATM. While the requirement has been ignored by some ATM owners due to high implementation costs, a movement toward remote key distribution could improve compliance rates.
The use of unique keys was first required in a standard produced by the X9A3 committee in the early 1990s. Accredited by the American National Standards Institute, X9 develops and publishes voluntary technical standards for the financial services industry. Card associations and networks adopt many of ANSI's standards, thus giving them considerable clout in the electronic funds transfer industry.
Despite the logic of using unique keys, many ATM owners have ignored the requirements. And until recently, networks didn't push the issue.
Now, all ATM deployers are faced with re-keying their networks to satisfy mandates for Triple DES encryption, which doubles the length of the keys to 32 hexadecimal characters. Because of this, incidents of "fat finger syndrome," in which a service tech enters the wrong digits, could increase, said Jim Shaffer, senior product manager for security initiatives at ACI Worldwide. Most ATMs, however, provide key check digits to ameliorate the fat finger problem, according to Dennis Abraham, president of Trusted Security Solutions and a member of the X9.24 committee.
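The key check digits Abraham mentions are conventionally a key check value (KCV): the first three bytes of an all-zero block encrypted under the key. The following Go program is an added illustration, not code from the article or from any ATM or HSM vendor; it computes the KCV for a double-length (32 hex character) Triple DES key using Go's standard library and shows how a mistyped key is caught at entry time. The key values it uses are constructed test values.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// KeyCheckValue computes the conventional KCV of a double-length Triple DES
// key supplied as 32 hexadecimal characters: encrypt one all-zero 8-byte
// block under the key (EDE with K1, K2, K1) and keep the first three bytes.
func KeyCheckValue(keyHex string) (string, error) {
	key, err := hex.DecodeString(keyHex)
	if err != nil {
		return "", fmt.Errorf("key is not valid hex: %w", err)
	}
	if len(key) != 16 {
		return "", fmt.Errorf("expected a 16-byte (32 hex char) key, got %d bytes", len(key))
	}
	// Go's TripleDES cipher wants 24 key bytes; a double-length key reuses K1 as K3.
	k3 := append(append([]byte{}, key...), key[:8]...)
	block, err := des.NewTripleDESCipher(k3)
	if err != nil {
		return "", err
	}
	var out [8]byte
	block.Encrypt(out[:], make([]byte, 8)) // encrypt the all-zero block
	return hex.EncodeToString(out[:3]), nil
}

// VerifyKeyEntry models the check an ATM (or a key-loading tool) makes after a
// technician keys in a value: recompute the KCV and compare it with the one
// printed on the key component sheet. A typo shows up as a mismatch before
// the key is ever used to encrypt a PIN.
func VerifyKeyEntry(keyHex, expectedKCV string) bool {
	kcv, err := KeyCheckValue(keyHex)
	if err != nil {
		return false
	}
	return strings.EqualFold(kcv, expectedKCV)
}

func main() {
	// Constructed test key: K1 == K2, so TDES collapses to single DES here.
	const key = "0123456789ABCDEF0123456789ABCDEF"
	kcv, _ := KeyCheckValue(key)
	fmt.Println("KCV:", kcv)
	fmt.Println("correct entry accepted:", VerifyKeyEntry(key, kcv))
	fmt.Println("fat-fingered entry accepted:", VerifyKeyEntry("1023456789ABCDEF0123456789ABCDEF", kcv))
}
```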
Abraham said that eliminating humans from the key-loading process at ATMs might also boost PIN security, provided the system is properly implemented.
Remote key capability will better position the industry to handle any future PIN security threats, believes John Sheets, chairman of the X9 working group and vice president and chief security officer for point-of-sale terminal manufacturer Ingenico Group.
Rush to remote key?
Trusted Security has added remote re-key functionality that supports Diebold and NCR methods to its A98 Initial Key Establishment System, Abraham said.
While Diebold and NCR machines have included encryption PIN pads with remote key support for nearly two years, most other manufacturers have not yet begun doing so. Hardware upgrades will be required for machines without support for remote key built into EPPs, Abraham said.
In addition, a hardware upgrade of the HSM may be required at the host end, and new software is required at both the host and the ATM.
Using Trusted Security's A98 method will remove some of the complexity, Abraham said. The A98 system's XML-based Remote Re-Key Module will exchange keys, signatures and certificates with the ATM's terminal handler or device driver via a TCP/IP link.
This approach confines modifications to the ATM device driver and eliminates any additional changes at the host, including the need to add public key capability to the HSM, Abraham said.