Strong cryptography and key management requirements for EMV and PCI DSS compliance

EMV chips on payment cards contain cryptographic co-processors and dual interfaces that allow for contact and contactless payment options. When issuing an EMV card, the customer’s information is extracted from the bank or financial institution’s database. The customer's information is then fed into a data preparation system where additional data is used to securely encrypt the customer’s information. This data includes digital certificates and cryptographic keys. The final step is the personalization process where this data is written to the EMV chip on the payment card.

Read more

What Banks should consider when migrating from magnetic stripes to EMV smart cards

Migrating from magnetic stripes to EMV based smart cards is a challenging endeavour for banks and their IT teams. Even for small banks, necessary card data preparation rapidly overshoots the level of millions of data entries. In the frame of the migration process, banks need new systems and new processes, interweaving additional external entities.

Read more

Reducing Payment Card Fraud by Shifting over to EMV Chip Technology

This article gives an insight into the EMV chip technology, which is being rolled out on a world-wide scale to increase the level of fraud protection in credit card transactions. It presents and discusses legal incentives for migration, security benefits, a detailed view of the sequence of steps in a transaction and a concluding discussion.

Read more

Enhancing Payment Card Security Integrating PCI DSS with EMV Technology

This article discusses how the security protection of payment card data used in a transaction can be maximized by integrating PCI DSS with EMV technology.

 

Read more

Methods of Maximizing the Security Protection of a Cryptographic System relating to the Payment Card Industry (PCI)

This article discusses how various factors and related controls can affect the effectiveness and strength of the security protection for a cryptographic system.

It gives particular consideration to the requirements of the Payment Card Industry (PCI)

Read more

How Leading Banks Excel at PCI DSS through Key Management

During April 2015, PCI DSS v3.1 was released as the latest iteration for industry-wide requirements and guidelines for securing cardholder data. 

This blog post discusses the cryptographic key management techniques used in the banking industry to comply with PCI DSS.

Read more

10 Tips for a Cryptographic Key Management System in the Banking Industry - a Penetration Testing Perspective

This article discusses the shortcomings and learnings from penetration testing of cryptographic key management systems for banking organizations.

Read more

EMV: The Fraud Bulldozer

These days everyone has a stake in Chip and PIN security - it can be the topic of the over-the-counter conversation as you pay, of the boardroom executives at a bank, or over a pint at the pub. So how is EMV, the electronic payments standard underlying Chip and PIN shaping up? And what is the modern landscape of payments fraud? Here, Mike Bond, Technical Director at Cryptomathic, shares his opinion.  

Read more

Issuing MULTOS Cards

MULTOS cards are being deployed in steadily increasing numbers and Cryptomathic is delighted to be involved in MULTOS projects across the globe.

MULTOS is a high-security card platform and issuing model in which the "personalization" of cards with the cardholders' data is done in one single logical step before reaching the actual personalization machines. This is quite the opposite to the standard method of personalizing native cards where the data is sent to the cards, element by

Read more