How to Implement Global Remote Key Loading from a Single Location
Have you ever wondered what happens behind the scenes when you use your payment card at a retail payment terminal or ATM? The transaction, including validation, authentication, and approval, happens within seconds! But what’s really going on to make it all work securely and quickly?
Anytime you present your payment card or mobile phone at a retail payment terminal, an encryption key quickly goes to work to encrypt the PIN or the primary account number (PAN) associated with your card. The encryption obscures the data and protects against information theft as the transaction is sent back to the card issuer for validation. For this process to work, an encryption key must be securely loaded into that endpoint device, whether it’s an ATM, a payment terminal, or a commercial device used for payment acceptance.
This is where Remote Key Loading (RKL), also known as remote key injection, comes in. RKL performs this essential key injection remotely, allowing organizations to manage keys for an entire infrastructure without physically accessing any terminals or devices. It is good security practice to prescribe a key rotation and retirement strategy.
RKL improves security and efficiency and reduces operational costs. The loading of new keys into an ATM, for example, has traditionally been done manually through a process known as direct key injection. For POS terminals and PIN entry devices, this involves bringing the devices to a key injection facility where key administrators manually inject each device. This can be time-consuming and expensive. For organizations with widespread ATM or POS networks, this manual process can be a significant operational expense with a high susceptibility to human error. Imagine entering long strings of hexadecimal characters by hand!
Embracing the Cloud to Securely Automate the Manual Key Replacement Process
Miura Systems has a good story here. As a pioneer in mobile payment acceptance, Miura works to bridge the gap between a static customer-facing environment and the desire for full mobility. With over three million payment devices worldwide, Miura brings mobile acceptance to retail, hospitality, financial services, and other industries. Miura’s technology is built to support remote management and can support, update, and remotely inject its terminals across the globe with ease, regardless of location or geography.
Yet, before Futurex’s VirtuCrypt entered the picture, Miura’s process for managing and loading cryptographic keys into its payment terminals was manual, cumbersome, and expensive. Miura was looking to:
- Reduce the cost of ownership
- Meet future compliance
- Ensure scalability
- Remove compliance scope
Miura Systems implemented a fully integrated solution in the cloud using Futurex’s VirtuCrypt cloud payment hardware security module (HSM). “Implementing cloud-based remote key loading through VirtuCrypt has enabled us to radically streamline the deployment and maintenance of our payment devices across a whole range of geographic markets and customer use cases,” states Darren Shaw, Chief Product Officer at Miura Systems.