Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


PIN Transaction Keys Explained

No description

Greg Stone

on 17 September 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of PIN Transaction Keys Explained

Master File Key (MFK)
The master key loaded into the HSM by the key officers and used to protect all other keys. It sits at the top of the key hierarchy. Use a triple length 3DES MFK as a best practice. The MFK can now be loaded into HSMs from a remote location using the Securus device.
Terminal Master Key (TMK)
PIN Encryption Key (PEK)
The TMK is shared between the HSM and the ATM and is used to encrypt working keys within the ATM, such as the PIN Encryption Key (PEK). The TMK can now be loaded using Remote Key Loading.
The PEK is stored inside the ATM PIN Pad, and it encrypts the customer's PIN as it is being entered. PIN's remain encrypted at all times throughout the transaction.
Zone Control Master Key (ZCMK)
The ZCMK is shared between the parties in the payment transaction process flow (Acquirer, Switch, Issuer). It is used to encrypt working keys shared between these parties, such as the PIN Encryption Key (PEK).
Acquirer/Issuer Working Key (A/IWK)
The AWK is used to encrypt the PIN between the acquirer and the switch. The IWK is used to encrypt the PIN between the switch and issuer. In this way the PIN remains protected throughout the transaction.
PIN Verification Key
The PVK is stored in the HSM used by the card issuer to perform the validation of the PIN. Only a Yes or a No response is returned, ensuring the PIN is never in the clear. The value is then returned to the merchant to complete the transaction.
Full transcript