Martin Rupp (guest)

Martin Rupp (guest)

The Four Corners Model for Card Payment Security and Key Management

The Four Corners Model for Card Payment Security and Key Management

The “Four Corners” model, also called the “Four Party Scheme”, is utilized in almost all standard card payment systems across the globe. Here, we talk about that model and explain what kind of hardware security module (HSM) is needed for each of its components involved in the cryptographic process.

EMV Personalization cryptographic requirements 

EMV Personalization cryptographic requirements 

EMV Personalization is a process used to get card data into cards, mobile phones, and wearables. The process includes a variety of complicated cryptographic tasks and activities, ranging from choosing proper cryptographic algorithms to authentication procedures. Ensuring all these steps are carried out accurately and securely is highly critical for card issuing and payments.

Protecting Banking Apps Against Malware Threats

Protecting Banking Apps Against Malware Threats

Here we explain why additional security mechanisms, beyond the mobile OS security features, are needed to protect mobile banking applications from malware and related threats.

Overview of Defense Mechanisms for Mobile Banking Apps

Overview of Defense Mechanisms for Mobile Banking Apps

As the use of mobile phones for mobile banking and payment applications increases, corresponding security threats are increasing as well. The majority of smart phones use only two operating systems (Android and iOS) and, therefore, they represent prey of choice for criminal groups and malevolent hackers. 

In this article, we will explain some of the defense mechanisms and security techniques involved with protecting mobile banking applications.

TR-34 Key Blocks for the TR-34 Exchange Protocol: Basic Principles

TR-34 Key Blocks for the TR-34 Exchange Protocol: Basic Principles

Among all the various key block formats, the TR-34 format is undoubtedly one of the most sophisticated.

The TR-34 norm is an implementation of the X9.24-2 norm. It proposes a realistic and efficient way of exchanging symmetric keys using asymmetric cryptography. This is basically a certificate-based Remote Key Loading (RKL) protocol. 

Key blocks and PCI PIN requirements: FAQs

Key blocks and PCI PIN requirements: FAQs

This article proposes a few answers to a series of frequently asked questions (FAQs) about key blocks and their use with PCI.

EMV Payment Security - Acquirers

EMV Payment Security - Acquirers

In the “four corner model”, acquirers are apparently the less active party as their role seems ‘only’ to forward the transaction flow originating from the merchant to and from the issuer. In the model, the acquirer is the merchant’s bank.

EMV Payment Security - Merchants

EMV Payment Security - Merchants

 

Merchants are one of the corners of the ‘four corner’ model in the payment world. In what follows, we will explain some of the security mechanisms for Merchants to prevent unauthorized transactions and payment card fraud.

EMV Payment Security - Issuers

EMV Payment Security - Issuers

An issuer is one of the corners in the ‘four corner’ model. An issuer is a financial organization (e.g. a bank) that produces payment cards and allows the cardholders to use them.