Hypercom develops remote key products regarding MasterCard 3DES

Bulletin issued by MasterCard disallows merchants’ use of remote key injection to install new encryption keys on non PCI-approved POS terminals, regardless of the manufacturer. MasterCard appears to be concerned that even though the host end of a remote key injection solution may comply with all PCI and ANSI requirements, if the key injection process is performed on a terminal of unknown security status (non-PCI), there is a risk of key compromise. Hypercom believes MasterCard is acting in the best interests of the payment industry as a whole given the wide array of pre-PCI devices in the field and the range of approaches that a vendor may take in designing a remote key injection system.

3DES bulletin, issued by Master Card on June 15th, 2009, provided guidance to acquirers and merchants about the injection of new 3DES keys in non-PCI terminals. According to the bulletin, non-PCI terminals to be injected with a 3DES key must comply with PCI PIN Security Requirements, and the injection for non-PCI terminals must occur in a key injection facility that complies with Appendix B of this same standard.

Hypercom`s HRKS is the industry’s only standards-based remote key injection product that allows retailers to quickly and securely initiate on-site, in-store debit key injection at the point-of-sale. HKRS eliminates the need for secure room key injections by incorporating PKI to securely distribute symmetric 3DES keys. While it is the only company currently offering remote key injection, the MasterCard bulletin affects any/all competitors seeking to introduce similar remote key solutions.

Hypercom understands the industry’s migration to 3DES will be arduous. It developed remote key product in a concerted effort to save the industry substantial time and cost associated with the July 2010 mandate. Besides, it will work with MasterCard to selectively review some non-PCI approved terminals which are sufficiently secure to meet the PKI requirements of MasterCard.