Trying to improve PIN security, EFT networks require their members to use a unique encryption key for each ATM. While the requirement has been ignored by some ATM owners due to high implementation costs, a movement toward remote key distribution could improve compliance rates.
The use of unique keys was first required in a standard produced by the X9A3 committee in the early 1990s. Accredited by the American National Standards Institute, X9 develops and publishes voluntary technical standards for the financial services industry. Card associations and networks adopt many of ANSI's standards, thus giving them considerable clout in the electronic funds transfer industry.
Despite the logic of using unique keys, many ATM owners have ignored the requirements. And until recently, networks didn?t push the issue.
Now, all ATM deployers are faced with re-keying their networks to satisfy mandates for Triple DES encryption, which doubles the length of the keys to 32 hexadecimal characters. Because of this, incidents of "fat finger syndrome," in which a service tech enters the wrong digits, could increase, said Jim Shaffer, senior product manager for security initiatives at ACI Worldwide. Most ATMs, however, provide key check digits to ameliorate the fat finger problem, according to Dennis Abraham, president of Trusted Security Solutions and a member of the X9.24 committee.
Abraham said that eliminating humans from the key-loading process at ATMs might also boost PIN security — if the system is properly implemented.
Remote key capability will better position the industry to handle any future PIN security threats, believes John Sheets, chairman of the X9 working group and vice president and chief security officer for point-of-sale terminal manufacturer Ingenico Group.
Rush to remote key?
Trusted Security has added remote re-key functionality that supports Diebold and NCR methods to its A98 Initial Key Establishment System, Abraham said.
While Diebold and NCR machines have included encryption PIN pads with remote key support for nearly two years, most other manufacturers have not yet begun doing so. Hardware upgrades will be required for machines without support for remote key built into EPPs, Abraham said.
In addition, a hardware upgrade of the HSM may be required at the host end, and new software is required at both the host and the ATM.
Using Trusted Security's A98 method will remove some of the complexity, Abraham said. The A98 system's XML-based Remote Re-Key Module will exchange keys, signatures and certificates with the ATM's terminal handler or device driver via a TCP/IP link.
This approach confines modifications to the ATM device driver and eliminates any additional changes at the host, including the need to add public key capability to the HSM, Abraham said.
