Lets issuers perform EMV data preparation in-house by simplifying complexity
Eugene, OR - April 2, 2013 – Prime Factors, Inc., announces an EMV data preparation module for the Bank Card Security System (BCSS) that shields issuers from the complexity of EMV card issuance, allowing them to perform EMV data preparation in-house.
Issuers who perform EMV data preparation in-house gain more control of the security of their most valuable asset - cardholder data and associated keys - and thus reduce the risk of a breach. Many issuers globally have outsourced EMV smart card issuance due to its complexity compared to magnetic stripe card issuance, thereby relying on others to keep secure cardholder data and associated keys.
"Issuers can reduce risk dramatically by generating their EMV data preparation files in-house and sending them securely to their card service bureau for production of the personalized cards," said Dave Tushie, Prime Factors' product manager for BCSS.
Most issuers house their cardholder management system on legacy mainframes where they prepare data for magnetic stripe card issuance. For EMV issuance, they typically send the cardholder data to a secure personalization bureau which does the data preparation and then produces the card.
The new EMV module runs on all major operating systems including the IBM z/OS used by most issuers. It lets them perform EMV data preparation in-house using their existing magnetic stripe issuance platform and cardholder management system. The new module pulls application data, cardholder data and keys from many sources and creates a file that can be securely sent to a bureau. Any card personalization system, regardless of the IC card and personalization equipment employed, can interpret the file for processing.
"BCSS makes EMV data preparation as familiar and routine as magnetic stripe card issuance is on your legacy systems," Tushie said. "With BCSS you maintain more control of your card holder data and more importantly - the keys and certificates - by performing EMV data preparation in-house."
Key management is one of EMV's biggest challenges, Tushie said. EMV requires the generation and management of many more keys than magnetic stripe issuance, he said, and therefore, the chances of a compromise are significantly higher.
"Keeping the EMV keys secure is essential," Tushie said. "A compromise can be catastrophic."
In addition to risk mitigation, issuers who perform their own EMV data preparation benefit from competitive pricing when they select a service bureau. They aren't locked into one service bureau, and can select their service bureau based on cost and productivity.
The new EMV data preparation module is an extension of BCSS, highly-specialized middleware that cuts costs by reducing the amount of programming required to develop and maintain a secure card issuance platform. BCSS provides software for key management, Thales HSM (hardware security module) integration and security code and PIN generation and verification for magnetic stripe and EMV IC cards.
The EMV module is entering beta testing, and will be available end of Q2. In conjunction with the introduction of EMV data preparation, Prime Factors has released an informative white paper, "Plain English Guide: Why Financial Institutions Should Keep EMV Data Preparation In-House." Get the white paper