A key management system is a critical component in achieving PCI DSS compliance for a banking institution. It involves implementing a crypto system that manages the secure creation, exchange, distribution, storage and use of cryptographic keys for the ultimate goal of protecting users’ or clients’ sensitive data.

Payment Card Industry Data Security Standard (PCI DSS) is an information security standard to protect against credit card fraud and numerous additional security threats & vulnerabilities. Credit/Debit card providers, such as MasterCard and Visa etc., implement the mechanisms and security controls specified and suggested in PCI DSS.

Credit cardholders are generally protected from liability if unauthorized transactions are made with their credit cards because of consumer protection laws and card policies. This leaves merchants and financial institutions on the hook for losses related to credit card fraud. According to an October 2016 Nilson Report, card issuers were burdened with 72 percent of fraudulent losses in 2015 while merchants were left with 28 percent of the losses.

EMV chips on payment cards contain cryptographic co-processors and dual interfaces that allow for contact and contactless payment options. When issuing an EMV card, the customer’s information is extracted from the bank or financial institution’s database.

Migrating from magnetic stripes to EMV based smart cards is a challenging endeavour for banks and their IT teams. Even for small banks, necessary card data preparation rapidly overshoots the level of millions of data entries. In the frame of the migration process, banks need new systems and new processes, interweaving additional external entities.

This article gives an insight into the EMV chip technology, which is being rolled out on a world-wide scale to increase the level of fraud protection in credit card transactions. It presents and discusses legal incentives for migration, security benefits, a detailed view of the sequence of steps in a transaction and a concluding discussion.

This article discusses how the security protection of payment card data used in a transaction can be maximized by integrating PCI DSS with EMV technology.

This article discusses how various factors and related controls can affect the effectiveness and strength of the security protection for a cryptographic system.

It gives particular consideration to the requirements of the Payment Card Industry (PCI)

During April 2015, PCI DSS v3.1 was released as the latest iteration for industry-wide requirements and guidelines for securing cardholder data. 

This blog post discusses the cryptographic key management techniques used in the banking industry to comply with PCI DSS.