Secure Card Personalization

Since 1999 leading secure personalization bureaus world-wide have used the Bank Card Security System (BCSS) to save time and money. BCSS is the cost-effective alternative to the software development required to build key management from scratch and replicate compliance requirements for the generation of security codes and PINs.

Customers have used BCSS to create billions of security codes and PINs in accordance with logical security requirements established by the network payment card brands (Visa, MasterCard, American Express, Discover and JCB). They give BCSS high marks for performance and reliability.

BCSS simplifies key management by making it easier to securely generate, load, store, distribute and delete cryptographic keys. BCSS key management incorporates hardware cryptography for secure operations such as encrypting keys that are then stored in a BCSS key vault.

A typical secure personalization environment includes a cardholder database, the BCSS key management system consisting of a database of cryptographic keys and security options, the BCSS library of subroutines, and one or more Thales hardware security modules (HSMs). When a card production emboss file needs to be created, cardholder and magnetic stripe data are processed quickly and securely by BCSS and the HSMs in accordance with the payment brand requirements for hardware cryptography. This can be accomplished directly from a mainframe program processing the emboss file.

As your secure personalization environment expands to include EMV requirements, BCSS is already enabled with the necessarily more complex key management functionality. Key profiles with both key values and key attributes, derived keys, key versioning, and signed certificates are all readily understood. BCSS provides an easy migration to incorporate these key management processes into an existing secure card personalization environment.

BCSS reduces programming necessary to facilitate the use of Thales HSMs in the secure personalization processes. There is no need to learn a proprietary machine level language to employ hardware cryptography capabilities. BCSS addresses the Thales HSM through higher level function calls to provide comprehensive key management.

BCSS meets standards for security code creation established by the network brands including use of an HSM. BCSS creates any security code you need including CVV, CVV2, CAVV, CVC, CVC2, CVC3, CSC, PVV and PINs.

Secure personalization bureaus use BCSS to stay current with the latest security requirements mandated by the network brands. With BCSS, it is easier to remain up-to-date and pass your annual logical security audit!

Next Steps: