SubscribeThe Secure Key Injection Device (SKI) is the next generation key management tool designed for loading and managing Point Of Sale (POS) encryption keys.
POS Key Injection operations are often faced with the challenge of injecting keys into hundreds of terminals.
The Secure Key Injection Device (SKI) is the next generation key management tool designed for loading and managing Point Of Sale (POS) encryption keys. POS Key Injection operations are often faced with the challenge of injecting keys into hundreds of terminals.
Existing key injection tools are not user friendly and they lack the ability to store device configuration data, making an already cumbersome and repetitive task even more complex. Futurex, in partnership with the leading POS terminal manufactures and merchant terminal service providers developed the SKI Series as the solution to POS key injection to eliminate the hassles of key injection.
Futurex offers Triple DES Secure Key Injector which makes Secure Key Injection as simple as the click of a mouse. The Futurex SKI Series supports the use of Triple DES (TDES) for key injection to POS devices. TDES requires the use of at least a double-length key.
The SKI supports all types of Triple DES key management scheme(s) for POS devices, including MK/SK (master key, session key), DUKPT, and/or Fixed. Many customers have asked, "What does that mean? It is unknown how much fraud has resulted from "cracked" DES keys, however, it is quite conceivable that substantial fraud losses could appear in the future.
More significant than fraud losses is the potential loss of confidence by the public in the security of the network. A successful hacking of an ATM or POS system could generate significant media attention, causing serious brand damage to an ATM network or financial institution.
Know the Interchange Mandates
It is important to know what the Interchange mandates are in order to stay compliant. To date, many card and bank associations have already mandated triple DES implementation. Organizations that determine national and international standards have declared that single DES has reached the end of its useful life. Thus, these organizations have called for the use of triple DES, which provides stronger encryption to protect hacking attacks.
Most mandates call for a phased implementation of triple DES, beginning with the encryption of PINs between the host and the interchanges. At a later date, mandates will require triple DES from the acquiring devices all the way to the point of authorization.
Visa has published the following mandates for Triple Data Encryption Standard (TDES)
January 2003
All newly deployed ATMs (including replacement devices) must support TDES.
January 2004
All newly deployed point of sale (POS) PIN acceptance devices (including replacement devices) must support TDES.
Note: Must support means the device has all the necessary hardware and software required for TDES installed and only requires the loading of a TDES key.
October 2005
All new VisaNet, Interlink, DPS, and Plus endpoints will be installed with TDES Issuer Working Keys (IWK) and/or Acquirer Working Keys (AWK).
December 2007
All VisaNet, Interlink, DPS, and Plus endpoint IWKs and/or AWKs must use TDES.
All transactions originating at ATMs must be encrypting PINs using TDES from the point of transaction to the Issuer (end-to-end).
July 2010
All transactions originating at POS PEDs must be encrypting PINs using TDES from the point of transaction to the Issuer (end-to-end).
MasterCard, has published the following mandates for triple DES:
April 2001
Members may use triple DES at their option
April 2002
Newly installed, replaced, or relocated ATMs and POS devices must be triple DES
capable
April 2003
Member and processor host systems must support triple DES. ATMs placed in service after April 2002 must actively use triple DES.
April 2005
All ATMs must be triple DES compliant
April 2005
It is strongly recommended that POS devices use triple DES
