Tuesday , November 26, 2024

A New ANSI Standard Could Ease the Way for Triple DES

A new U.S. standard in the works now could dramatically cut the costs ATM deployers face in bringing their machines into compliance with the so-called Triple DES encryption requirement set by the bank card networks. As things stand now, banks and other deployers must distribute the Triple DES encryption key, used by the ATM to encrypt cardholders' personal identification numbers as they enter them, by sending two technicians to each machine to install it. Each technician is armed with a piece of the key. Public key cryptography protocols would allow deployers instead to download the keys electronically to each ATM, allowing them to eliminate the cost tied up in personnel visiting each machine. But current American National Standards Institute standards do not permit the use of public key cryptography for key management in ATMs. That may be changing. Speaking at a workshop today at the fifth annual conference of the ATM Industry Association (ATMIA) in Tampa, Fla., Jeanne M. Fagan, founder of consulting firm Fagan & Associates, said a new ANSI standard paving the way for remote electronic distribution of Triple DES keys via public key cryptography could be available by the fourth quarter. The new standard, technically part two to ANSI X9.24, is in a state of flux, Fagan cautioned, as members of the standards committee working on it weigh in with comments. Fagan is a leading member of the committee, which has been at work on the new standard for two years and issued a first draft last month. Public key cryptography relies on a system of public keys?published electronic codes?and private, or secret, keys, to scramble and unscramble messages such as PINs. Triple DES refers to the number of applications of the DES encryption standard, long used to scramble PINs in ATMs and point-of-sale terminals. The old standard of single DES encryption is no longer considered adequate now that computing power has reached levels that permit breaking single-DES-encrypted messages.

Check Also

With Work, Many Merchants Could Be Compliant with New Click to Cancel Rule

Consumers irked by the difficulty of unenrolling from some subscription services will gain relief May …

Digital Transactions