Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
PIN Transaction Keys Explained
Transcript of PIN Transaction Keys Explained
The master key loaded into the HSM by the key officers and used to protect all other keys. It sits at the top of the key hierarchy. Use a triple length 3DES MFK as a best practice. The MFK can now be loaded into HSMs from a remote location using the Securus device.
Terminal Master Key (TMK)
PIN Encryption Key (PEK)
The TMK is shared between the HSM and the ATM and is used to encrypt working keys within the ATM, such as the PIN Encryption Key (PEK). The TMK can now be loaded using Remote Key Loading.
The PEK is stored inside the ATM PIN Pad, and it encrypts the customer's PIN as it is being entered. PIN's remain encrypted at all times throughout the transaction.
Zone Control Master Key (ZCMK)
The ZCMK is shared between the parties in the payment transaction process flow (Acquirer, Switch, Issuer). It is used to encrypt working keys shared between these parties, such as the PIN Encryption Key (PEK).
Acquirer/Issuer Working Key (A/IWK)
The AWK is used to encrypt the PIN between the acquirer and the switch. The IWK is used to encrypt the PIN between the switch and issuer. In this way the PIN remains protected throughout the transaction.
PIN Verification Key
The PVK is stored in the HSM used by the card issuer to perform the validation of the PIN. Only a Yes or a No response is returned, ensuring the PIN is never in the clear. The value is then returned to the merchant to complete the transaction.