Secure Card Issuing & Authorization

Since 1999 global leaders in secure card issuing have used the Bank Card Security System (BCSS) to save time and money. BCSS is multi-purpose software used in both the secure card issuing and authorization processes. Customers worldwide give BCSS high marks for performance and reliability. They have used BCSS to create and verify billions of security codes and PINs in accordance with standards established by the network payment card brands (Visa, MasterCard, American Express, Discover and JCB).

In addition to providing functionality to create and authorize security codes and PINs, BCSS includes a critical component of any secure card issuing solution - key management.

BCSS simplifies key management by making it easier to securely generate, load, store, distribute and delete cryptographic keys. BCSS key management incorporates hardware cryptography for secure operations such as encrypting keys that are then stored in a BCSS key vault.

A typical secure card issuing and authorizing environment includes a cardholder database, the BCSS key management system consisting of a database of cryptographic keys and security options, the BCSS library of subroutines, and one or more Thales hardware security modules (HSMs). When a card production emboss file needs to be created, cardholder and magnetic stripe data are processed quickly and securely by BCSS and the HSMs in accordance with the payment brand requirements for hardware cryptography. This can be accomplished directly from a mainframe program processing the emboss file.

As your issuing and authorization environments expand to include EMV requirements, BCSS is already enabled with the necessarily more complex key management functionality. Key profiles with both key values and key attributes, derived keys, key versioning, and signed certificates are all readily understood. BCSS provides an easy migration to incorporate these key management processes into an existing card issuing environment.

BCSS decrypts PIN blocks and supports a variety of PIN functions such as PIN translation, PIN selection, PIN bridging and PIN verification.

The verification process begins when a point-of-sale device, or ATM, encrypts the cardholder PIN block, and through the acquiring bank and processor, sends it to the card issuer for authentication. BCSS receives the encrypted PIN block, secret keys and security information and decrypts it inside the HSM so that the PIN and keys are never in the clear. The expected security code is compared to the one in the transaction. If the codes match, the transaction is approved.

BCSS reduces programming necessary to facilitate the use of Thales HSMs in the secure card issuing and authorization processes. There is no need to learn a proprietary machine level language to employ hardware cryptography capabilities. BCSS addresses the Thales HSM through higher level function calls to provide comprehensive key management.

BCSS meets standards for security code creation established by the network brands including use of an HSM. BCSS creates any security code you need including CVV, CVV2, CAVV, CVC, CVC2, CVC3, CSC, PVV and PINs.

Participants in the issuing process (card issuers and secure personalization bureaus) use BCSS to stay current with the latest security requirements mandated by the network brands. With BCSS, it is easier to remain up to date and pass your annual logical security audit!

Learn more about BCSS:

• BCSS is a better alternative than custom programming
• Creating Security Codes & PINs
• Secure Card Issuing & Authorization
• How BCSS & Thales HSM 8000 work together
• EMV Compliance
• Key Management
• Card Utility
• Who Uses BCSS
• Available Platforms
• Q & A

back to overview