Payment Card Security System - BCSS
Prime Factors' Bank Card Security System (BCSS) is highly-specialized middleware that cuts costs by reducing the amount of programming required to develop and maintain EMV data preparation and a secure card issuance platform. BCSS software is backed by a dedicated support team that provides the answers you need during project planning, implementation and use.
BCSS makes data preparation for EMV as familiar and routine as magnetic stripe card issuance is on your legacy systems. With BCSS you gain control of your card holder data by doing EMV data preparation in-house.
BCSS software fits into your in-house developed issuance platform to provide key management, Thales HSM (hardware security module) integration and security code and PIN generation and verification for magnetic stripe and EMV IC cards. Leading issuers and secure personalization bureaus throughout the world use BCSS to simplify the complexity of meeting logical security requirements established by the network brands (Visa, MasterCard, Discover, American Express and JCB).
The Bank Card Security System (BCSS) fits into your in-house developed issuance platform to provide data preparation, key management, HSM (hardware security module) integration and security code and PIN generation and authorization for magnetic stripe and EMV IC cards. Here are key features:
- Makes data preparation for EMV is as familiar and routine as magnetic stripe card issuance is today.
- Comprehensive, software-based key management incorporates hardware cryptography for secure operation
- A library of subroutines handles more than 100 functions that access the BCSS database and the Thales HSMs.
- Subroutines streamline calls to the Thales HSM to create and verify security codes.
- BCSS builds the host commands necessary for the Thales HSM to create encrypted keys. It also manages Ethernet (TCP/IP) communication and stores a database of encrypted keys created by the Thales HSM.
- Subroutines can be called from popular programming languages such as COBOL and C.
- A user-friendly Card Utility program for Windows and UNIX generates PIN mailers or an output file containing CVV codes and other information printed on a plastic card.
- Provides a debug trace of communications with Thales HSMs.
- Supports the Thales Security Resource Manager (SRM) for load-balancing multiple HSMs.
- Supports CICS and TSO environments on the IBM mainframe.
- Provides multi-threads job production files to a single HSM
- Manages multiple HSM's to balance cryptographic load
BCSS is highly-specialized middleware that cuts costs by reducing the amount of programming required to develop and maintain a data preparation and secure card issuance platform. Here are key benefits:
- Eliminates time-consuming tasks such as learning new technologies and developing software systems that meet logical security requirements established by the network brands
- Provides a cost-effective alternative to software development required to build a key management system from scratch and replicate compliance requirements for the generation and authorization of security codes and PINs
- Eliminates the need to hire specialized expertise to develop and maintain key management and saves months of development time including integration with Thales HSMs.
- Incorporates Thales HSMs into your issuance platform without the need to learn a low-level API
- Data preparation application layer further reduces development time and maintenance plus it shields you from the complexity of EMV issuance, making it feasible to bring EMV issuance in-house.
- Utilizes the same legacy systems and processes for EMV card issuance as those used for magnetic stripe card issuance.
- Subroutines – BCSS has more than 100 – reduce the programming required to create and authorize security codes and PINs.
- Provides a migration path to EMV, which has much more complex key management requirements
Global leaders use BCSS
The Bank Card Security System (BCSS) is used by programmers to reduce development time, and by end users to simplify key management. BCSS customers include leading card issuers and secure personalization bureaus throughout the world. They incorporate BCSS into their bank card security solutions to save time, money and meet logical security requirements established by the network brands.
BCSS makes it easier for non-technical key custodians to play their designated role in key management, and was designed to streamline the process of creating keys properly and storing them securely. BCSS makes it easier for you to securely generate, store, distribute and delete cryptographic keys and EMV certificates.
BCSS reduces the need for in-house expertise to develop and keep EMV data preparation and a card issuance system constantly up-to-date, and eliminates all the programming required to make Thales HSMs work in accordance with logical security requirements established by the network brands.
Questions & Answers
Does Prime Factors sell Thales HSMs?
Yes, Prime Factors sells the payShield 9000. We can also help you find a reseller outside the USA.
How is user access to BCSS controlled?
BCSS has an authenticated log that records changes to user IDs and user privileges to discourage unauthorized tampering.
How does BCSS control the accurate entry of cryptographic keys?
BCSS forces multi-user key component entry, rejects weak keys, and adjusts keys to odd parity.
How does BCSS help programmers identify and correct errors?
- BCSS delivers specific on-line error user-friendly messages that guide the user to fix the error.
- BCSS provides subroutine return codes with full text descriptions that make it easy for the user to stay on track.
Does BCSS maintain an audit log?
Yes, an audit log of all changes to the BCSS database shows who changed what, and when they did it.
What types of data are stored in the BCSS database?
The secure BCSS database includes encrypted keys, PIN options, PIN block formats, PVV options, CVV options and smart card parameters.
Does BCSS provide the ability to migrate from software to HSM-based hardware encryption?
Yes, detailed instructions are included in the BCSS Configuration Guide and help you better understand BCSS HSM support.
What types of cryptography are supported by BCSS?
BCSS supports 3DES keys and RSA public/private keys as used to support EMV v4.3 specification for chip cards and mag-stripe cards.
Can BCSS output to Datacard Machines?
Yes, the BCSS Card Utility feature can map card codes or clear PINs to a file that can be imported into an external device such as Datacard embossers.
Does BCSS meet Visa and MasterCard security requirements?
Yes BCSS works with the Thales payShield 9000 HSM to meet Visa and MasterCard logical security requirements.
Does BCSS support the latest EMV payment standard?
Yes. BCSS supports the EMV 4.3 specification for smart (chip) card issuance including a built-in interface to external key distribution facilities and support for ARQC verification and ARPC generation.