Encryption Solutions

Solution Summary

CSFi data encryption solutions are designed from the ground up to provide top-rated data security and encryption standards in a fully integrated and easy to implement form. Whether operating thousands or only a few ATMs, the secure transmission of transaction data is essential. Looming regional and global mandates require deployment of the most secure communications protocols available. Anything less will no longer be an option. Profitability and sustainability of transaction processing environments are dependent on successful implementation of mandated encryption protocols.

End-to-End SSL/TLS Encryption

An important aspect of payment security is securing communications between every system or device connected to SWITCHWARE® or EZswitch® . Using a holistic approach including Secure Socket Layer/ Transport Layer Security (SSL/TLS), CSFi’s integrated communication encryption secures endpoint to endpoint communication and helps to ensure the high availability of systems…which financial institutions and customers both expect. Using SSL/TLS secures ATMs, POS devices and other systems such as EFT networks and authorizers by encrypting the transmission of sensitive data across network channels. Read more…

TR-31 Key Block Storage

Effective January 1, 2018 by the PCI Security Council, encrypted symmetric keys must be managed in structures known as “Key Blocks”. These key blocks protect DES and 3DES keys from unauthorized substitution, key replacement or misuse from outside influence. The sensitive information of each key is bookended by a header and binding method. This format permits unique key protection which means that each key contains unique information in the header. This allows for key blocks to be easily identified by a cryptographic system and enables quick identification of false keys attempting to be inserted by a false entity.

RSA ATM Remote Key Loading

Remote Key Loading allows for the remote injection of the A-key (Terminal Master Key) and B-key (PIN Encryption Key). CSFi works with the ATM manufacturer to generate “Certificates” that are needed to validate the source of the key injection and ensure that it is permitted to update any of the stored keys on an ATM. Read More…

Derived Unique Key Per Tran (DUKPT)

Used primarily with Point-of-Sale (POS) devices, CSFi software can utilize a feature that cycles through series of different keys to provide an added layer of encryption. DUKPT allows the device and SWITCHWARE® to cooperatively use different sets of encryption keys for each transaction to prevent hackers from deciphering any of the encrypted values.


The latest evolution of CSFi’s flagship SWITCHWARE® 4.1 product employs architecture offering streamlined, granular management of critical encryption functions, including the following from the list above:

  • SSL/TLS (1.2 or higher) Network Encryption
  • TR-31 Key Block Storage
  • RSA Remote Key Loading

While the EZswitch® middleware solution does not typically perform encryption functions for PIN, CVV or EMV, it does not have connected devices that require key exchange. The latest version of EZswitch can however establish a secure encrypted channel with other connected systems and EFT networks using:

  • SSL/TLS (1.2 or higher) Network Encryption

Contact CSFi for the rest of the story. Learn how CSFi maintains the leading edge in communications security and can cost efficiently promote the compliance of your enterprise, now and forever.

Comments are closed.