BCSS Architecture

Prime Factors’ Bank Card Security (BCSS) helps enterprise payment applications simplify payment security for payment credential issuance and payment transaction processing. BCSS runs on a variety of enterprise operating systems, on premises or in the cloud, and helps to interface with and manage payment HSMs.

[Figure: BCSS architecture chart]

Audit Logs & Reporting

BCSS Audit Logs offer comprehensive audit logging and traceability to help ensure that security is sound and security audits are passed. BCSS audit logs capture and store information for all activity related to cryptography, including all key changes, settings, and definitions. BCSS Audit Logs are searchable by specific attributes, such as user, entry type, date range, and others.

Events are sorted by date and time, and each includes the corresponding user ID and the action performed. Each record in the audit log receives a sequence number and is hashed and encrypted. The hash makes tampering with the audit log detectable, and the sequence number makes missing entries detectable. Although the logs show what changes were made, when, and by whom, clear keys and PIN values never appear in diagnostic trace files. All changes to user IDs and user privileges are recorded in authenticated log records to discourage unauthorized tampering.
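The Python example below is added here and is not Prime Factors' code or the BCSS record format; it shows how a per-record sequence number and a keyed hash let a verifier detect altered and missing entries. It assumes HMAC-SHA256 chained to the previous record and constructed field names (seq, ts, user, action, mac), since the page does not describe the actual BCSS scheme.

```python
import hashlib
import hmac
import json

# Assumption: the MAC key is held outside the log store (constructed demo value).
KEY = b"constructed-demo-key"


def mac(prev_mac, record):
    """Keyed hash over the previous record's MAC plus this record's fields."""
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(KEY, prev_mac.encode() + body, hashlib.sha256).hexdigest()


def append(log, user, action, ts):
    """Append a record with the next sequence number and a chained MAC."""
    prev = log[-1]["mac"] if log else ""
    rec = {"seq": len(log) + 1, "ts": ts, "user": user, "action": action}
    log.append({**rec, "mac": mac(prev, rec)})


def verify(log):
    """Return a list of findings; an empty list means the log checks out."""
    findings, prev, expected = [], "", 1
    for entry in log:
        rec = {k: v for k, v in entry.items() if k != "mac"}
        if rec["seq"] != expected:
            findings.append(f"gap: expected seq {expected}, found {rec['seq']}")
        if not hmac.compare_digest(mac(prev, rec), entry["mac"]):
            findings.append(f"mac mismatch at seq {rec['seq']}")
        # Continue from the stored MAC so one bad record is reported once.
        prev, expected = entry["mac"], rec["seq"] + 1
    return findings


def build_sample():
    """Constructed sample log: three administrative events."""
    log = []
    append(log, "admin1", "KEY_CHANGE", "2024-01-05T10:00:00Z")
    append(log, "admin2", "USER_PRIVILEGE_CHANGE", "2024-01-05T10:05:00Z")
    append(log, "admin1", "SETTING_CHANGE", "2024-01-05T10:09:00Z")
    return log


if __name__ == "__main__":
    tampered = build_sample()
    tampered[1]["user"] = "someone-else"  # edit a stored field after the fact
    print(verify(build_sample()), verify(tampered))
```

Removing records from the end of the log is not caught by this check alone; a verifier also needs the latest sequence number recorded somewhere the log writer cannot change.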

Administration & Configuration

Within the BCSS Administration Program, user groups and specific users are defined and granted permission to access only particular, specified functionality, including who can make changes to keys and system configurations. A BCSS installation wizard, which steps administrators through configuring the system, helps to further simplify initial setup. The BCSS Administration Program can be reached through a graphical user interface in a Windows environment or through a text user interface in the other operating systems listed below. Regardless of platform or interface, access rights, including API usage, must be explicitly granted by product administrators. Users are authenticated with internal user IDs and passwords and, optionally, OpenLDAP.

Interoperability

The BCSS API library supports a broad range of programming languages, including COBOL, Visual Basic .NET, C, C#, C++ and Java. BCSS also functions out of the box across most common enterprise operating systems, including IBM Mainframe (z/OS), IBM iSeries (OS/400), Unix, Linux (RHEL) and Windows.