Ghl systems net matrix terminal line encryption 2009 2010

NetMATRIX (Multi-Application Transaction Routing and Identification eXchange) Terminal Line Encryption is the complete solution for banks wishing to introduce terminal line encryption into their existing POS network infrastructure.

Transcript

  • 1. Agenda
  • 2. PAYMENT & SECURITY TRENDS
  • 3. E2EE: What is it? “…is defined as the continuous protection of the confidentiality and integrity of transmitted information by encrypting it at the origin and decrypting at its destination.…” Computer Desktop Encyclopedia
  • 4. E2EE: The story so far… Smart Card Alliance Sept 2009
  • 5. KEY CONCEPTS OF TLE
  • 6. en·cryp·tion /-'krip-sh&n/ In cryptography, encryption, is the process of transforming information to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (Wikipedia)
  • 7. Message Authentication Code: MAC-ing is the process of “fingerprinting” data to allow any tampering to be detected, where the fingerprint is encrypted so only Sender/Receiver can form a real MAC, thus allowing the receiver to authenticate & verify the message
  • 8. THE MALAYSIAN EXPERIENCE
  • 9. Real Tapping Threats
  • 10. Wire tapping threats
  • 11. A brief look at history…
  • 12. The Line Encryption Working Group
  • 13. Design Parameters
  • 14. Key Considerations
  • 15. Minimum Data Encryption Requirements
      • Encrypted Data Elements: 1. CVV; 2. CVV and PAN / Track2
      • Terminal Key Storage: 1. Outside secure module; 2. Within tamper reactive module
      • Key Usage Methodology: 1. Unique-key-per-terminal; 2. Unique-key-per-session-per-term; 3. Unique-key-per-transaction; 4. Derived Unique Key Per Txn (DUKPT)
      • Key Differentiation: 1. Same key for ENC & MAC; 2. Different key for ENC & MAC
      • Encryption Algorithm: 1. TEA – Tiny Encryption Algorithm; 2. DES – Data Encryption Standard; 3. 3DES/AES
      • MAC Algorithm: 1. No MAC; 2. CRC32 + MAC; 3. CRC32 + RMAC; 4. SHA-1 + RMAC, or SHA-1 + AES MAC
      • Highest Score: 2-2-4-2-3-4
      • Lowest Score: 1-1-1-1-1-1
  • 16. General Approaches: Host-based, NAC-based, Interception-based (diagram labels: Host, HSM, SNAC, NAC)
  • 17. THE RESULTS
  • 18. The Results… Source: Visa VPSS Payment Security Bulletin, 2006
  • 19. The Results… Source: Visa VPSS Payment Security Bulletin, 2006
  • 20. The Results… Source: Visa VPSS Payment Security Bulletin, 2006
  • 21. The Results… Source: Visa VPSS Payment Security Bulletin, 2006
  • 22. The Results…
  • 23. Payments: The story today… Source: BNM, 2009 Financial Stability and Payment Systems Report 2008
  • 24. Payments: The story today “…(card fraud) losses continued to be insignificant, accounting for less than 0.04% of total card transactions during the year.”
  • 25. PAYMENT SECURITY MYTHS
  • 26. Encryption Myths
  • 27. Summary: Considerations for TLE: Addresses all threats; Addresses Implementation issues; Addresses Deployment Issues; Addresses Administration Issues; Multi-channel & multi-device Support; Vendor Independence; Performance; Cost-Effective; Remote Key Injection
  • 28. Additional References 1. The Smart Card Alliance (http://www.smartcardalliance.org/) 2. PCI Security Standards Council (https://www.pcisecuritystandards.org/) 3. Visa Best Practices, Data Field Encryption Version 1.0 (http://corporate.visa.com/_media/best-practices.pdf) 4. Secure POS Vendors Association (http://www.spva.org/index.aspx) 5. GHL Systems (http://www.ghl.com/netMATRIX )
  • 29. Net MATRIX Terminal Line Encryption
  • 30. “Typical” Transaction Flow (diagram labels: EDC Terminals, Remote NAC, Switching NAC, Net MATRIX, Acquiring Bank Credit Card Host, NII: 160, Acquiring Host, Issuing Bank Host, 160 Message)
  • 31. Encrypted Transaction Flow (diagram labels: EDC Terminals, Remote NAC, Switching NAC, Net MATRIX, NetMATRIX TLE, NII: 161, 161 Enc Message, Acquiring Bank Credit Card Host, NII: 160, 160 Enc Message, Acquiring Host, Issuing Bank Host)
  • 32. Encrypted Transaction Flow II (diagram labels: EDC Terminals, Remote NAC, Switching NAC, Net MATRIX, NetMATRIX TLE, NII: 161, 161 Enc Message, Acquiring Bank Credit Card Host, NII: 160, 160 Enc Message, Acquiring Host, Issuing Bank Host)
  • 34. Accolades & Accomplishments
