GHL Systems NetMATRIX Terminal Line Encryption 2009-2010
NetMATRIX (Multi-Application Transaction Routing and Identification eXchange) Terminal Line Encryption is the complete solution for banks wishing to introduce terminal line encryption into their existing POS network infrastructure.


Transcript

  • 1. Agenda
  • 2. PAYMENT & SECURITY TRENDS
  • 3. E2EE: What is it? “…is defined as the continuous protection of the confidentiality and integrity of transmitted information by encrypting it at the origin and decrypting at its destination.…” Computer Desktop Encyclopedia
  • 4. E2EE: The story so far… Smart Card Alliance Sept 2009
  • 5. KEY CONCEPTS OF TLE
  • 6. en·cryp·tion /-'krip-sh&n/ In cryptography, encryption, is the process of transforming information to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (Wikipedia)
  • 7. Message Authentication Code: MAC-ing is the process of “fingerprinting” data to allow any tampering to be detected, where the fingerprint is encrypted so only Sender/Receiver can form a real MAC, thus allowing the receiver to authenticate & verify the message
  • 8. THE MALAYSIAN EXPERIENCE
  • 9. Real Tapping Threats
  • 10. Wire tapping threats
  • 11. A brief look at history…
  • 12. The Line Encryption Working Group
  • 13. Design Parameters
  • 14. Key Considerations
  • 15. Minimum Data Encryption Requirements
      Encrypted Data Elements: 1. CVV; 2. CVV and PAN / Track2
      Terminal Key Storage: 1. Outside secure module; 2. Within tamper reactive module
      Key Usage Methodology: 1. Unique-key-per-terminal; 2. Unique-key-per-session-per-term; 3. Unique-key-per-transaction; 4. Derived Unique Key Per Txn (DUKPT)
      Key Differentiation: 1. Same key for ENC & MAC; 2. Different key for ENC & MAC
      Encryption Algorithm: 1. TEA (Tiny Encryption Algorithm); 2. DES (Data Encryption Standard); 3. 3DES/AES
      MAC Algorithm: 1. No MAC; 2. CRC32 + MAC; 3. CRC32 + RMAC; 4. SHA-1 + RMAC, or SHA-1 + AES MAC
      Highest Score: 2-2-4-2-3-4
      Lowest Score: 1-1-1-1-1-1
      [chart axes: ENC Data elements, Key Storage, Key Usage, Key Differentiation, ENC algorithm, MAC algorithm]
  • 16. General Approaches: Host-based; NAC-based; Interception-based [diagram labels: Host, HSM, SNAC, NAC]
  • 17. THE RESULTS
  • 18. The Results… Source: Visa VPSS Payment Security Bulletin, 2006
  • 19. The Results… Source: Visa VPSS Payment Security Bulletin, 2006
  • 20. The Results… Source: Visa VPSS Payment Security Bulletin, 2006
  • 21. The Results… Source: Visa VPSS Payment Security Bulletin, 2006
  • 22. The Results…
  • 23. Payments: The story today… Source: BNM, 2009 Financial Stability and Payment Systems Report 2008
  • 24. Payments: The story today “…(card fraud) losses continued to be insignificant, accounting for less than 0.04% of total card transactions during the year.”
  • 25. PAYMENT SECURITY MYTHS
  • 26. Encryption Myths
  • 27. Summary: Considerations for TLE
      Addresses all threats
      Addresses Implementation Issues
      Addresses Deployment Issues
      Addresses Administration Issues
      Multi-channel & multi-device Support
      Vendor Independence
      Performance
      Cost-Effective
      Remote Key Injection
  • 28. Additional References
      1. The Smart Card Alliance (http://www.smartcardalliance.org/)
      2. PCI Security Standards Council (https://www.pcisecuritystandards.org/)
      3. Visa Best Practices, Data Field Encryption Version 1.0 (http://corporate.visa.com/_media/best-practices.pdf)
      4. Secure POS Vendors Association (http://www.spva.org/index.aspx)
      5. GHL Systems (http://www.ghl.com/netMATRIX)
  • 29. Net MATRIX Terminal Line Encryption
  • 30. “Typical” Transaction Flow [diagram labels: Acquiring Bank, Credit Card Host (NII: 160), Acquiring Host, Issuing Bank Host, Switching NAC, Remote NAC, EDC Terminals, 160 Message]
  • 31. Encrypted Transaction Flow [diagram labels: Acquiring Bank, Credit Card Host (NII: 160), Acquiring Host, NetMATRIX TLE (NII: 161), Issuing Bank Host, Switching NAC, Remote NAC, EDC Terminals, 160 Enc Message, 161 Enc Message]
  • 32. Encrypted Transaction Flow II [diagram labels: Acquiring Bank, Credit Card Host (NII: 160), Acquiring Host, NetMATRIX TLE (NII: 161), Issuing Bank Host, Switching NAC, Remote NAC, EDC Terminals, 160 Enc Message, 161 Enc Message]
  • 34. Accolades & Accomplishments