Creating Security Codes & PINs

The Bank Card Security System (BCSS) is cost-effective software that includes functionality to create security codes and PINs. It works standalone or with a Thales host security module (HSM), and includes subroutines that reduce the programming required to create security codes and PINs.

BCSS is used by a wide range of customers from those just entering the market to the largest secure card manufacturing operations in the world. BCSS speeds time to market by reducing your programming effort. Reduced programming translates into cost reduction; one customer said BCSS saved several hundred dollars in programming costs.

"It saved us six months of programming," the customer said.

BCSS supports the generation and verification of standard security codes such as CVV, CVV2, CVC, CVC2, CVC3, CAVV, CSC, PVV and ABA Code. These can be created with or without an HSM. BCSS also supports a variety of PIN functions such as PIN generation. Secret keys and security options are used to create the codes that protect debit, credit and prepaid cards. BCSS has a database that stores all of the keys and options needed to create and verify card security codes and PINs. BCSS works with Thales HSMs to create ARQC and ARPC cryptograms that comply with various EMV standards.

Some customers start by running BCSS as a stand-alone application to create security codes, and then migrate to HSMs later. Because BCSS runs in either mode, BCSS simplifies the migration from software cryptography to hardware cryptography.

Secure Card Issuing

Secure personalization bureaus use Prime Factors' Bank Card Security System (BCSS) to securely and cost-effectively manufacture financial transaction cards (credit, debit, prepaid and gift). BCSS is the lower cost alternative to custom programming ordinarily used to implement key management and create card security codes and PINs. By using these components to create a secure card manufacturing platform, BCSS users save time and money.

A typical secure card-manufacturing environment includes a cardholder database, the BCSS database of cryptographic keys and security options, the BCSS library of subroutines, and one or more Thales HSMs. BCSS and the HSMs process data from cardholder databases using the cryptographic keys stored in the BCSS database. BCSS passes the information to the Thales HSM during card-related processes. The BCSS database also contains information such as a user-defined record name, a text description for each record, PIN related fields, Primary Account Number (PAN) length and CVV Service Code. BCSS includes subroutines for the host application to create PINs and card security codes (CVVs, CVCs, etc.) required for the card manufacturing process.

Secure Card Processing

Some customers use BCSS exclusively to verify transactions. BCSS supports the verification of standard security codes such as CVV, CVV2, CVC, CVC2, CAVV, CSC, PVV and ABA Code. BCSS also supports a variety of PIN functions such as PIN translation, PIN selection, PIN bridging and PIN verification.

The verification process begins when a point-of-sale device encrypts the cardholder PIN block, and sends it to the issuing bank or processing center. BCSS sends the encrypted PIN block, secret keys and security information to the Thales HSM. The PIN block is decrypted inside the HSM so that the PIN and keys are never in the clear. The expected security code is compared to the one in the transaction. If there's a match, the transaction is approved.

Next Steps: