Cryptographic keys are used to ensure the identity of credit card holders, secure ATM and POS transactions and to protect information sent over payment networks. They are also used to a growing extent to protect corporate assets within banks’ and payment processor networks. Regulatory compliance is driving players in this industry to increase the use of cryptographic keys to encrypt databases, authenticate users and enable digital signing of documents.
Secure key management is critical when creating safe electronic payments and Chiave KMF sets a new standard when it comes to meeting the industry’s security standard. Verifone, the leading provider of electronic payment solutions in Europe, is using the Chiave KMF solution from Verisec to manage their critical keys.
To date, key management has mostly been conducted manually, which has resulted in complex and resource-intensive processes that require a number of people and functions to be involved. Verifone realized early on that the number of keys they had to deal with would grow exponentially. Over the next five to ten years the number of keys would likely increase from hundreds to the tens of thousands. They felt a need to replace manual processes with automated ones and to build a robust and centralized key management solution keeping track of dual control and split knowledge requirements associated with their cryptographic keys.
Based on requirements and specifications drawn up in dialogue with Verifone and other leaders in the banking and payments industry, Verisec created a new system for managing these keys. Chiave KMF will help financial services companies to centralize the generation of storage of keys, as well as ensure that the appropriate individuals are aware of when a key will expire. Chiave KMF is the first system that can handle this.
By automating and centralizing many of the hitherto manual processes associated with keys, Chiave KMF helps to reduce human error, enhances regulatory compliance and facilitates key management on a larger scale. As an added bonus, automated processes reduces carbon footprint and significant environmental benefits are created.
With the input from Verifone, Verisec has been able to develop a system based on real market needs and requirements. In addition to keeping track of the policies and ceremonies associated with the generation and storage of cryptographic keys, Chiave KMF has the ability to import keys generated elsewhere for central storage, and can also export keys for external systems, regardless of how their technology looks.
With the help of Chiave KMF, banks and payment processors could achieve significant efficiencies and increase security, no matter how many cryptographic keys they have to manage in the future.
Dimitri Binazzi, Information Security Officer EMEA at Verifone, comments on the collaboration:
”Verifone is the European leader in electronic payments and is at the forefront when it comes to incorporating security into payment systems. Our POS terminals always meet the industry’s rigorous security requirements largely because we work with manufacturers and suppliers when formulating demands and specifications. This is also how we worked with Verisec, and we are very pleased with the end result. Chiave KMF is a state of the art key management system that solves most of the problems that the payment industry demands Verifone be able to handle.”
Headquartered in San Jose, California, Verifone is the leader in providing trusted, secure and innovative payment terminals, global payment as a service, and commerce enablement solutions that create more valuable experiences and rich interactions between consumers and merchants. The company’s products and services include mobile, countertop and self-service payment devices, software, and web-based gateways. With 5,300 employees worldwide, and partnerships with local distributors, Verifone is able to deliver innovative payment solutions in 150 countries and across vertical market.