BCSS Architecture

Prime Factors’ Bank Card Security System (BCSS) helps enterprise payment applications simplify payment security for payment credential issuance and payment transaction processing. BCSS runs on a variety of enterprise operating systems on premise or in the cloud and helps to interface with and manage payment HSMs.

Audit Logs & Reporting

BCSS Audit Logs offer comprehensive audit logging and traceability to help ensure that security is sound and security audits are passed. BCSS audit logs capture and store information for all activity related to cryptography, including all key changes, settings, and definitions. BCSS Audit Logs are searchable by specific attributes, such as user, entry type, date range, and others.

Every event is sorted by date and time and includes the corresponding user ID and action performed, and each record in the audit log receives a sequence number and is hashed and encrypted. The hash ensures that no tampering of the audit log has occurred, and the sequence number ensures that no audit log entries are missing. Though the logs show what changes were made, when, and by whom, clear keys and PIN values never appear in diagnostic trace files. All changes to user IDs and user privileges are recorded in authenticated log records to discourage unauthorized tampering.

Administration & Configuration

Within the BCSS Administration Program user groups and specific users are defined and granted permission to access only particular, specified functionality, including who can make changes to keys and system configurations. A BCSS installation wizard, which steps administrators through configuring the system, helps to further simplify initial set up. The BCSS Administration Program can be reached through graphical user interface in a Windows environment or through a text user interface in the other operating systems listed below. Regardless of platform or interface, access rights, including API usage, must be explicitly granted by product administrators. Internal user IDs and passwords and optionally openLDAP are the mechanisms for user authentication.


The BCSS API library supports a broad range of programming languages, including COBOL, Visual Basic .NET, C, C#, C++ and Java. BCSS also functions out of the box across most common enterprise operating systems, including IBM Mainframe (z/OS), IBM iSeries (OS/400), Unix, Linux (RHEL) and Windows.

Please note: Prime Factors is not a payment processor and does not offer payment processing services.  Our customers can leverage Prime Factors software to help accelerate the development of their applications and secure their data, however, Prime Factors does not process, store, or otherwise access payment transactions or related data of our End Users.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram