Port of Spain, Trinidad and Tobago: First Citizens Bank will be implementing remote ATM key loading (with RSA authentication) for their network of NCR ATMs. Remote ATM key loading eliminates the need to visit each ATM when periodically loading new ATM cryptographic keys to conform with evolving security standards and compliance mandates. SWITCHWARE® interacts with the Thales HSM and uses RSA to centrally manage the periodic Terminal MasterKey (TMK) distribution to each ATM eliminating the need for multiple bank representatives to inject the TMK into the ATM.
RSA Remote Key Loading (RKL)
Integrated Remote Key Loading (RKL) functions with RSA authentication are incorporated into SWITCHWARE to include support for both Diebold’s Certificate Based Protocol and NCR’s Signature Based Protocol. This integrated solution utilizes existing interfaces to the ATM and Hardware Security Module (HSM) to perform authentication between the ATM and SWITCHWARE with no additional hardware components required. Keys can be periodically and randomly regenerated via commands with the HSM, encrypted with the RSA key and then downloaded to the ATM. Staff can now be used for more productive tasks and your financial institution will benefit from increased transaction security.
Reducing the Cost of Global Compliance
ATMs rely on network protection and encryption keys to keep customer data and ATM funds safe. To reduce the risks of key compromise, individual countries, major networks and card associations enforce strict guidelines for key management including assignment of unique and random master keys for each ATM. These encryption keys must be changed on a regular basis in order to meet compliance mandates and maintain security.
While these fraud mitigation measures have proven invaluable, past compliance with evolving key management protocols has been difficult and expensive to implement, involving a physical visit by a minimum of two key custodians to generate and deploy new ATM keys. Now, with CSFi’s Remote Key Loading, the costs of key generation, storage and distribution processes are dramatically reduced. Key custodians are no longer needed and costs associated with site visits are reduced. New keys are injected into ATMs without the need for a physical visit.
Remote Key Loading Benefits
- Centralized initial key management
- Dynamic key changing
- Eliminates need to be present at ATM to change keys
- Better utilization of staff resources
- No additional hardware required
- Utilizes existing interface to HSM
Remote Key Loading Functions
- Remote ATM key management
- RSA authentication
- Thales HSM support
- NCR signature based protocol support
- Diebold certificate based protocol
To learn more, Register now at CSFi.com and enable full access to our web resources. Once registered, users have full access to brochures, videos and additional information fully describing the features and benefits of Terminal Management, SWITCHWARE®, EZswitch®, G4, Sentinel™, FraudBlock™, EMV support and our entire suite of products, services and solutions.