7 - December 2015
Swedbank, the largest retail bank in Sweden and one of Europe’s largest payment acquiring networks, has implemented Cryptomathic’s Key Management System (CKMS), to securely manage keys across its card payment acquirer network and its payment terminal management system.
CKMS provides Swedbank with a secure, fully compliant and scalable platform for the centralised and automated lifecycle management of keys across its own card issuing and authorisation systems, in addition to thousands of keys for more than fifty partner banks in their card payment acquirer network.
Cryptomathic also delivered a second solution, the Cryptomathic Terminal Key Management System (TKMS), which enables Swedbank to derive keys for provisioning to EFTPOS terminals. Based on the core CKMS security architecture, TKMS had to be custom-built to take into account Swedish card payment standards related to payment terminal key derivation.
Together, CKMS and TKMS provide the first truly centralised key management system for the Swedish banking market. The solution enables Swedbank to meet and demonstrate compliance to its current regulatory obligations and quickly adapt to future changes in policy and the regulatory landscape. The solution also allows Swedbank to benefit from streamlined key management processes, increased automation of procedures and reduced administrative overheads.
Commenting on behalf of Swedbank, Stefan Andersson, Business Security Manager, says: “Compliance, scalability, user experience, interoperability and deployment time frame were all key factors in the selection of the best key management system for Swedbank. Cryptomathic’s CKMS and TKMS solutions deliver against all of these factors and additionally implementation was achieved within an ambitious nine month project time line. Not only has Cryptomathic’s solution enabled Swedbank to meet its compliance requirements, it has significantly reduced the cost of key management to the security operations team. We are very pleased with the result and the relationship.”
Morten Landrock, Executive Vice-President EMEA at Cryptomathic, adds: “It has been a privilege to work on this deployment and to demonstrate the capabilities of CKMS on the scale of Swedbank’s operations across Sweden, the Nordics and Baltics. It has also been satisfying to deliver a solution which has been fully customised to meet the specific needs of the Swedish banking sector.
“CKMS has been developed over many years, to meet the requirements of a global customer base comprising high profile banks, card payment schemes and processors, so from an international banking and payment scheme perspective the solution addresses all regulatory requirements as standard. Various customisations were required to meet Swedbank’s obligations in the Swedish market however, including the creation of TKMS to support its payment terminal key derivation activity. The end result is the first centralised key management solution for the Swedish banking sector and a further enhanced Cryptomathic key management offering.”
Cryptomathic is a market leading e-security provider, which has over 15 years’ experience in delivering secure, automated lifecycle key management solutions on a global scale. CKMS offers a flexible key push protocol allowing the secure distribution of keys to almost any secure host system from any vendor. The system also enables and simplifies internal and external compliance of financial regulations, such as PCI.
To find out more about CKMS, visit the CKMS product page or download the Swedbank Case Study.