paySmart® PIN Protection
A frequent need among Issuers is a way to securely generate, store, and validate passwords. For cost reasons, however, this is done exclusively in software, with all the risks of that approach.
With paySmart’s PPS service, Issuers can generate, validate and translate passwords securely within a Hardware Security Module (HSM) using a simple API.
EASY, SAFE AND WITH LOW COST
With paySmart® PPS technology, password management is simple and within reach of any Issuer. The customer uses the same interfaces it is already used to and gets the same level of protection used by the largest banks and payment system operators worldwide. In addition, it pays only for active cards, without worrying about transaction values or the number of transactions.
To provide the password management service, paySmart® uses HSM (Hardware Security Module) cryptographic devices, which do not expose passwords, and extreme-performance servers running in financial datacenters.
paySmart takes care of all issues related to the generation or insertion of keys, including key-generation ceremonies and the exchange of keys between players.
The client connects to paySmart and uses a simple API to randomly generate passwords or import previously generated ones. The passwords are then stored securely, protected by payment HSMs certified under PCI PIN Transaction Security (PTS).
The client connects to paySmart and validates encrypted password blocks (PIN blocks). All the complexity of dealing with different encryption mechanisms is abstracted by the API.
The service can also be used to translate password blocks between Acquirers or between Acquirers and Issuers.
How it works
Support for all PIN (Personal Identification Number) block formats, ISO-0, ISO-1, ISO-2 and ISO-3, defined by ISO 9564 (Financial services – PIN management and security)
Use of payment cryptographic hardware (HSMs) in all processes (generation, storage and validation)
Generation of random numeric passwords of 4 to 12 digits using truly random processes, that is, random numbers generated directly in the cryptographic hardware
Automatic removal of random passwords that have many repeated and/or sequential digits or are based on the customer’s date of birth or address (configurable)
Native protection against very strong attacks with a counter of incorrect online password validation attempts (OPTC, Online PIN Try Counter)
Native protection against dictionary attacks, with diversified password storage instead of the same cryptogram for all cards with the same password
Transparent operation during data preparation, based on the same format of embossing files that the client knows
Transparent operation during transaction validation, using the same TCP/IP socket format that the client knows
Support for the reuse of previous passwords already distributed to the client
Support for updates of online passwords exchanged through the client’s other interfaces
Support for chip cards configured to work with offline passwords or online passwords
Support for magnetic cards, with no chip yet, configured to work with online passwords
Support for receiving X9.8 MK/SK (Master Key/Session Key) PIN blocks
Support for receiving X9.24 DUKPT (Derived Unique Key Per Transaction) PIN blocks