In the “four corner model”, acquirers are apparently the less active party as their role seems ‘only’ to forward the transaction flow originating from the merchant to and from the issuer. In the model, the acquirer is the merchant’s bank.
An issuer is one of the corners in the ‘four corner’ model. An issuer is a financial organization (e.g. a bank) that produces payment cards and allows the cardholders to use them.
The EMV personalization data processing in itself is not the topic of this article, we will instead focus on the cryptographic schemes involved in EMV personalization, as well as the key management involved; which is both complex and mandatory.
The “Four Corners'' model, also called the Four Party Scheme, is utilized in almost all standard card payment systems across the globe. Here we introduce that model and explain what type of hardware security module (HSM) is needed for each of its components involved in the cryptographic process.
Tokenization is a generalized concept of a cryptographic hash. It means representing something by a symbol (‘token’).
A key management system is a critical component in achieving PCI DSS compliance for a banking institution. It involves implementing a crypto system that manages the secure creation, exchange, distribution, storage and use of cryptographic keys for the ultimate goal of protecting users’ or clients’ sensitive data.