
Take the dread out of key management

January 24, 2005

Burglary rates would skyrocket if thieves could enter every house in a neighborhood with a single key. The same principle applies to ATMs.

Encryption keys are used to protect PIN security at ATMs. Most major EFT networks require financial institutions and other deployers to use a unique key for each ATM.

But networks and others have not aggressively enforced those requirements, said Dennis Abraham, president of Trusted Security Solutions. Many deployers have based key management programs on the gazelle theory, he said. "If I'm in the middle of a bunch of other gazelles … how fast do I have to run to avoid getting eaten?"


This story and all the great free content on ATM Marketplace is supported by: Trusted Security



Abraham, who has conducted independent audits for clients like Visa, said two of the most common network policy violations are use of the same key in multiple machines and sending one person, rather than the required two, to load keys into machines.

Trusted Security's director of business development, David Pharr, said some financial institutions are reviewing PIN security strategies - including key management - as they upgrade their ATMs to run Triple DES encryption.

Key management products support management of both DES and Triple DES keys, and allow technicians to switch keys from DES to Triple DES in the field - without waiting for delivery of packages filled with key components to the ATM site. Trusted Security's product, A98, eliminates the tasks of key generation and maintaining audit logs.

Streamline key distribution

Teachers Credit Union in South Bend, Ind., recently automated its key-management system using A98.

"Our previous key-management process involved many departments and 11 separate people in order to generate, transport, store, load and destroy each key component," said Carol Zeiger, TCU's ATM technical coordinator. "It was a nightmare to get coordinated and was difficult to keep all the paper logs updated and everyone following compliant procedures."

Since implementing automation, Teachers has cut in half the number of staff members involved in key management.

"The manual process is gone," Zeiger said. "After key components are loaded at an ATM, the two technicians call into the A98 voice response system, enter their respective data, and a cryptogram is generated that anyone in the data center can enter into our system. Thus, here at TCU, it only entails one person to enter the cryptogram."

The primary task of TCU's administrator for key management is simply monitoring how the A98 system is working, Zeiger said.

Products like A98 can also remotely distribute keys to ATMs, removing the need to send technicians to machines. Transaction processor eFunds, which also uses A98, has already introduced remote key distribution to its customers.

About 40 percent of A98 users are processors like eFunds and Genpass; the rest are deployers.

Pharr said systems that can provide both manual and remote key distribution benefit banks and credit unions whose ATM networks include both legacy machines incapable of handling remote distribution and recent models that support it.
