Above Header Partners

Utimaco, in partnership with Securemetric Technology, share insights and best practices to ensure data security

Above Article Content Ad

In the digital world of today, banks and other financial service institutions (FSIs) are responsible for keeping customers’ important information safe so they don’t lose money or their good name.

But because the industry is becoming more digital, existing infrastructures are still changing, and more consumers are now using digital platforms for their daily transactions.

The Bangko Sentral ng Pilipinas (BSP) says that when this happens, data security and identity protection are at risk.

How can data infrastructure be protected in the digital banking world of today? And what is the current environment for data?

At an event called “Building a Foolproof Infrastructure in Today’s Digital Banking World,” put on by Utimaco, a global platform provider of trusted cybersecurity and compliance solutions, in partnership with Securemetric and CorewareTechnology, Utimaco leaders talked about how to make sure the digital future is safe.

The “Four-Party Model” is the most common way that card payment systems work. This involves the cardholder, who is a customer with a payment card from a bank or other financial institution, and the merchant, who is a business or an individual who accepts card payments for goods and services. This group includes Automated Teller Machines (ATMs), which accept payment cards.

The issuing bank, which gives payment cards to card owners on behalf of the card networks, is also a key party. In this model, the issuer pays the acquiring bank for the goods and services bought by the cardholder. The acquiring bank then pays the issuing bank back according to the terms of the contract.

The last part is the acquiring bank. It is a place of business that holds the merchant’s bank account. Merchants can take payments from any issued card through contracts with the acquirer. Even though the model is simple, the four parties share important information that could be at risk if it is not protected.

Cryptography is used to keep private information about customers safe when it is stored or sent online during a transaction. This includes things like encrypting and using tokens. The first method uses an algorithm to change the data into ciphertext, which is unreadable data that can be read with a key. The latter changes the information into a set of characters that can’t be told apart. These are called tokens. Without the tokenization system, tokens have no value if they are lost or stolen.

Hardware Security Modules (HSMs) are devices that make, protect, and manage cryptographic keys in a secure domain during transactions. And HSM applications are different in how they work with the four main parts of the data ecosystem. The EMV chip in a payment card works as a small HSM for the person who owns the card. On the merchant side, however, the use of HSMs depends on how big and what kind of business it is. Point-of-sale (POS) terminals with secure memory and cryptographic hardware that can act as HSMs can be used by smaller vendors. On the other hand, large retailers would need HSMs that are connected to a network to make sure transactions are safe.

In the meantime, the bank that gives out payment cards needs strong HSMs to create, protect, and manage the keys needed to activate and process the cards. For the acquirer, HSMs take care of all the financial channel keys for the merchant and handle the cryptographic flow from the issuer to the acquirer.

“HSMs are essential to protect the ciphered transactions across the four corners of the data ecosystem. It acts as a safe in a financial institution’s network and houses the keys needed to decrypt consumers’ critical data. Now that banking transactions are increasing; data security and identity protection are more at risk from cybercriminals. This makes HSMs vital to the key parties in the data ecosystem,” said Deval Sheth, Managing Director for Asia Pacific at Utimaco. 

Utimaco offers reliable HSMs that can securely process transactions in the financial industry. One of these devices is the Atalla AT1000, a FIPS 140-2 Level 3 and PCI PTS v3 certified payment HSM. Among the financial institutions that integrated this HSM is a digital payment services platform and an e-money company in Pakistan called NayaPay. 

With this, the financial institution aims to secure customers’ data, identities, and finances while adhering to compliance and regulation standards. After integrating Atalla AT1000, NayaPay gained robust and flexible protection at every transaction, cut the cost of ownership through consolidated HSM infrastructure, and met security and compliance requirements, among others. 

Promoted Content

Raffy Pedrajita

is Rafael Pedrajita offline. He is the founder of Tech Patrol. He's been a freelancer and a blogger since March of 2010. He married a beautiful woman named Amor. You can follow him on his Social Media accounts in the links below.
Below Comments Ad
Back to top button