Issuer PIN Security Guidelines - Visa
Issuer PIN Security Guidelines - Visa
Issuer PIN Security Guidelines - Visa
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
• Transported clear text key components should be in pre-serialised, separate,<br />
tamper-evident, packaging or in a SCD .<br />
• If a key loading device is used to transport key components:<br />
– The device (or the part of it which contains the key component) should<br />
be a SCD<br />
– The device should only be operated by issuer authorised personnel .<br />
• Key loading procedures should ensure that:<br />
– All participating devices and connections are inspected for monitoring<br />
or tampering<br />
– key loading is performed using dual control<br />
– key components are only combined within a secure cryptographic<br />
device, e .g, a HSM<br />
• Keys should be replaced in accordance with the existing issuer key<br />
management policy3 .<br />
• Keys used in a production environment should not be the same as keys used<br />
in a non-production environment (for example testing or development) .<br />
• Keys should exist in the minimum number of locations needed for correct<br />
operation of the system in accordance with issuer security policy .<br />
• <strong>Issuer</strong> security policy should identify suspicious circumstances that indicate<br />
a key compromise (consistent with their own fraud detection systems and<br />
threat analysis) .<br />
• In the event of a suspected key compromise:<br />
– The key and its derivatives should be replaced immediately<br />
– Replacement keys should not be derived from the compromised key<br />
– The compromised key, and its components should be destroyed<br />
– All keys protected by or derived from the compromised key should be<br />
destroyed<br />
– Users of compromised keys should be informed of the compromise and<br />
change in key, even if the key is no longer in use<br />
– The decommissioning of compromised keys should be logged<br />
– The amount of time in which a compromised key remains active should<br />
be consistent with the risk to affected parties<br />
• <strong>PIN</strong> encryption keys should be used only for <strong>PIN</strong> encryption and not for any<br />
other purpose .<br />
• Reference <strong>PIN</strong>s should be protected using a different key to that used to<br />
protect transaction <strong>PIN</strong>s, both for storage and transmission .<br />
• Encryption keys should be unique to each pair of communicating nodes . .<br />
• The strength of encryption mechanisms should be sufficient to minimise<br />
the risk of security breaches through exhaustive key search or through<br />
cryptanalysis .<br />
3 Key change intervals should be consistent with the corresponding PCI DSS requirements for key change intervals .<br />
<strong>Issuer</strong> <strong>PIN</strong> <strong>Security</strong> <strong>Guidelines</strong> 3 3<br />
<strong>Visa</strong> Public © 2010 <strong>Visa</strong>. All Rights Reserved.