Technical Overview About Using Hardware Security Module (HSM) in Payment Systems

Payment systems today must adhere to stringent security protocols to ensure the safety and integrity of transactions between customers, merchants, and financial institutions. This article provides an overview of the security processes used in PIN validation, cardholder verification, and transaction security, with references to key industry standards like PCI-DSS (Payment Card Industry Data Security Standard) and ISO-8583.

The overall payment ecosystem

This article provides a comprehensive overview of the role of HSMs in verifying PINs, securing transactions at ATMs and POS terminals, and using remote key loading. The examples and diagrams attached illustrate the process clearly.


Remote Key Loading for ATMs

Remote key loading is a secure process that allows banks to update encryption keys (such as PIN Encryption Keys) in ATMs without physically visiting the machine. This process is essential for maintaining the security of ATMs and ensuring that cryptographic keys are rotated regularly to prevent unauthorized access.

ATM Remote Key Loading

Key Points:

  • Key Exchange: The ATM communicates with the HSM or central key management system to exchange new encryption keys.

  • Secure Transmission: The new key is encrypted and sent to the ATM over a secure channel (e.g. using a Key Encryption Key (KEK)).

  • Automatic Key Update: Once the ATM receives the new key, it is decrypted and securely stored within the PIN pad or other secure elements of the ATM.

Benefits:

  • Increased Security: Regular key updates reduce the risk of key compromise.

  • Reduced Costs: Remote key loading eliminates the need for physical key insertion, saving time and resources.


Transaction Processing at POS and ATM Terminals

Transaction processing at ATMs and POS terminals involves multiple cryptographic operations to ensure the secure transmission and validation of sensitive customer data. The diagrams provided give a detailed view of how PIN encryption, decryption, and verification occur at each stage of the transaction.

Use Case: Transaction Processing at ATMs

  1. PIN Entry and Encryption: The customer enters their PIN at the ATM, where it is encrypted using a PIN Encryption Key (PEK).

  2. PIN Translation: The encrypted PIN is transmitted to the bank’s HSM, where it is decrypted and re-encrypted using another key (e.g. KEK or another cryptographic key).

  3. PIN Validation: The re-encrypted PIN is transmitted to the card issuer for final validation.

Transaction Processing at ATM
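The PIN translation step above, as an added Go example that is not from the original article: the HSM decrypts the PIN block under the inbound key, checks its format against the PAN, and re-encrypts it under the outbound key. It assumes ISO 9564 format 0 PIN blocks and two-key Triple-DES, which the article does not specify; the keys, the PAN and the names pek, zpk, xorPAN, clearPINBlock and translatePIN are constructed for illustration.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// Constructed two-key Triple-DES keys laid out K1|K2|K1; real PIN keys exist only inside the HSM.
var pek, _ = des.NewTripleDESCipher([]byte("PEK-leftPEKrightPEK-left")) // inbound PIN Encryption Key
var zpk, _ = des.NewTripleDESCipher([]byte("ZPK-leftZPKrightZPK-left")) // outbound key (assumed name)

// xorPAN masks or unmasks a block with 0000 | 12 rightmost PAN digits before the check digit.
func xorPAN(block []byte, pan string) []byte {
	out, _ := hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
	for i := range out {
		out[i] ^= block[i]
	}
	return out
}

// clearPINBlock builds ISO 9564 format 0 (0 | length | PIN | F fill) XOR PAN for a 4-12 digit PIN.
func clearPINBlock(pin, pan string) []byte {
	f, _ := hex.DecodeString(fmt.Sprintf("0%X%s%s", len(pin), pin, strings.Repeat("F", 14-len(pin))))
	return xorPAN(f, pan)
}

// translatePIN models the HSM: decrypt under the PEK, check the block, re-encrypt under the ZPK.
func translatePIN(underPEK []byte, pan string) ([]byte, error) {
	if len(underPEK) != 8 || len(pan) < 13 || strings.Trim(pan, "0123456789") != "" {
		return nil, fmt.Errorf("need an 8-byte cryptogram and a PAN of at least 13 digits")
	}
	blk := make([]byte, 8)
	pek.Decrypt(blk, underPEK) // the clear block exists only inside this function
	pf := xorPAN(blk, pan)     // PIN field: length byte, then PIN digits and f fill
	if n, s := int(pf[0]), hex.EncodeToString(pf[1:]); n < 4 || n > 12 ||
		strings.Trim(s[:n], "0123456789") != "" || strings.Trim(s[n:], "f") != "" {
		return nil, fmt.Errorf("malformed PIN block: wrong key, wrong PAN or corrupted data")
	}
	zpk.Encrypt(blk, blk)
	return blk, nil
}

func main() {
	atm := clearPINBlock("1234", "43219876543210987") // constructed PIN and PAN
	pek.Encrypt(atm, atm)                             // what the ATM sends to the bank
	fmt.Println(translatePIN(atm, "43219876543210987"))
}
```

Because the format 0 block is XORed with the PAN, a cryptogram replayed against a different account usually fails the fill check instead of translating cleanly.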

Use Case: Transaction Processing at POS Terminals

  1. PIN Entry and Encryption: The customer enters their PIN at the POS terminal, where it is immediately encrypted using a Derived Unique Key Per Transaction (DUKPT) or a similar algorithm.

  2. PIN Transmission: The encrypted PIN is sent to the acquiring bank/processor for further processing.

  3. PIN Translation: Inside the HSM, the encrypted PIN is decrypted, and a unique key is derived using the DUKPT algorithm.

  4. PIN Re-encryption and Validation: The PIN is re-encrypted and sent to the issuing bank for final validation.

In the diagrams provided, the focus is on secure PIN entry and verification using DUKPT (Derived Unique Key Per Transaction), a method commonly mandated by PCI-DSS to ensure that each transaction has a unique encryption key. This process significantly minimizes the risk of data exposure, even if a key is compromised.

Transaction Processing at POS

Where is the PVV stored for future PIN verifications?

The PIN Verification Value (PVV) is securely stored within the bank’s core banking system, authorization system, or card management system. The PVV is associated with the customer’s PAN and is stored in an encrypted format to comply with security standards.

Key Points:

  • Core Banking System: The PVV is stored securely alongside the customer’s account number or PAN within the bank’s core system.

  • Encrypted Storage: Even though the PVV is derived from the customer’s PIN, it is still stored in an encrypted and protected format to prevent unauthorized access.

How does a bank reset a PIN, and how does the HSM or banking switch validate a PIN?

When a bank resets a PIN, the new PIN is securely generated, encrypted, and stored in a derived format, such as a PIN Verification Value (PVV), which is associated with the customer’s PAN. During PIN verification, the HSM uses the PVK to calculate the PVV and compare it with the stored PVV to confirm whether the entered PIN is correct.

Key Points:

  • PIN Reset Process: The customer requests a PIN reset via secure channels (e.g. bank branch, online banking, ATM). A new PIN is generated, encrypted, and stored in a secure system in the form of a PVV.

  • PIN Validation Process: The customer enters their PIN at a POS terminal or ATM. The HSM decrypts the PIN and generates a PVV using the customer’s PAN and the stored PVK. The newly generated PVV is compared with the stored PVV to confirm the PIN's validity.

Example:

During the reset process, the bank stores only a derived PVV, not the actual PIN. When validating the PIN during a transaction, the HSM generates and compares the PVV in real time.

PIN Verification
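The generate-and-compare flow described above, as an added Go example that is not from the original article. It assumes the commonly documented Visa PVV construction (Triple-DES over PAN digits, a one-digit key index and the first four PIN digits, then decimalization), which the article does not name; demoPVK, the PAN, the key index "1" and the function names are constructed for illustration.

```go
package main

import (
	"crypto/des"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

var demoPVK = []byte("PVK-leftPVKright") // constructed double-length PVK; a real PVK stays in the HSM

// computePVV derives the 4-digit PVV: Triple-DES over PAN digits | PVKI | PIN digits, then decimalize.
func computePVV(pvk []byte, pan, pvki, pin string) (string, error) {
	if len(pvk) != 16 || len(pan) < 12 || len(pvki) != 1 || len(pin) < 4 ||
		strings.Trim(pan+pvki+pin, "0123456789") != "" {
		return "", fmt.Errorf("PVK must be 16 bytes; PAN, PVKI and PIN must be decimal digits")
	}
	// Input block: 11 rightmost PAN digits before the check digit, the key index, 4 PIN digits.
	tsp, _ := hex.DecodeString(pan[len(pan)-12:len(pan)-1] + pvki + pin[:4])
	c, _ := des.NewTripleDESCipher(append(append([]byte{}, pvk...), pvk[:8]...)) // K1|K2|K1
	c.Encrypt(tsp, tsp)
	h, pvv := hex.EncodeToString(tsp), ""
	for _, r := range h { // pass 1: take decimal digits left to right
		if r <= '9' && len(pvv) < 4 {
			pvv += string(r)
		}
	}
	for _, r := range h { // pass 2: if still short, map a-f to 0-5
		if r >= 'a' && len(pvv) < 4 {
			pvv += string(r - 'a' + '0')
		}
	}
	return pvv, nil
}

// verifyPIN recomputes the PVV for the entered PIN and compares it with the stored value.
func verifyPIN(pvk []byte, pan, pvki, enteredPIN, storedPVV string) bool {
	pvv, err := computePVV(pvk, pan, pvki, enteredPIN)
	return err == nil && subtle.ConstantTimeCompare([]byte(pvv), []byte(storedPVV)) == 1
}

func main() {
	pan := "43219876543210987"                      // constructed PAN
	stored, _ := computePVV(demoPVK, pan, "1", "1234") // value kept after a PIN set or reset
	fmt.Println(stored, verifyPIN(demoPVK, pan, "1", "1234", stored),
		verifyPIN(demoPVK, pan, "1", "9999", stored))
}
```

A four-digit PVV can match more than one PIN, so PIN-try counters and control over who may call the verification function still matter.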

Conclusion

HSMs are a crucial component in ensuring the security of payment systems. They securely handle PIN verification, key management, and transaction processing at ATMs and POS terminals. By using real-time cryptographic operations and adhering to industry standards like PCI-DSS, HSMs help protect sensitive data without storing it long-term. Additionally, the use of remote key loading enhances ATM security by allowing encryption keys to be updated securely and efficiently.

The attached diagrams illustrate how HSMs interact with other components in a secure payment ecosystem, ensuring the confidentiality, integrity, and authenticity of transactions.

Nathan Waweru

10+ years experience in building and contributing to Technology and Innovation teams for IT Infrastructure Optimization, Applications Support and Digital Transformation in the Financial Services Industry/Banking Sector.

6mo

Good reference material to understand the background checks.

Sepideh Saboori

Data Analyst | AI Expert | Transforming Data into Growth Strategies at Noorano

9mo

Security in today’s payment systems is critically important, and your article could be an invaluable resource for those working in transaction security. Referencing key standards like PCI-DSS and ISO-8583 greatly aids in understanding authentication processes and transaction security. Thanks for sharing this technical and practical article.

Mayuresh Badgujar

TSE - CCNA | RHCSA | AWS | PKI | DMARC | Code Signing | Certificate Lifecycle Management

10mo

Very Informative, thanks for posting

Nagaraju A.

Exploring Cryptology | IAM Security Professional| PINGIdentity | Cryptography | Forgerock | |Sailpoint| PKI | DevOps |CLOUD

10mo

Very true... important for organizations to use HSM for its actual purpose and effectively. 👍👍 Not just key storage.
