Welcome the PCI 5.x generation of Encrypting PIN pads!
Cryptera have upgraded their Encrypting PIN pads (EPPs) to newest security standard PCI PTS 5.x. The product family includes four EPPs with different dimensions to complement the ATM and Unattended segment, including the EPP2200 with display for a guided payment experience.
For easy compliance with latest PCI requirements, the new firmware includes features as:
- 24 hour reboot
- 15 min timeout on manual key entry
- AES PIN encryption with ISO format 4
- stricter use of keys for the intended purpose, separation between Customer and Manufacturer key hierarchies
- PAN encryption
- TR-34 Remote Key Load (RKL)
“PCI 5.x requires EPPs to reboot once every 24 hours to maintain a secure state. This can be a challenge for integrators to plan into their solution – but the Cryptera EPPs allow integrators to schedule the reboot and obtain important event information from the EPPs that software can react upon,” Mads Rasmussen, Product Manager
The firmware is updated to support only SHA-256, as the hash function SHA-1 is prohibited by PCI PTS 5.x and a 15 minute timeout is now present for the entire key entry process. For key management, every key loading mechanism is supported: Secure key entry with and without the use of password and RKL based on signatures, certificates as well as the latest TR-34 certificate based standard.
The PCI PTS 5.x standard still requires activation of the EPPs before an encrypted PIN block can be generated as result of a PIN code entry. For the first installation this is easily managed and integrators can acquire activation codes from Cryptera should they have removed the EPPs after installation.
On the hardware side, Cryptera releases enhanced security features as double layered mesh to improve protection against physical attacks. As part of the personalization process, the products will be configured with customer keys, preferred layout and graphic to match the payment environment.
For customers who need a full payment solution, Cryptera offers EPPs, contact and contactless card readers, and a payment controller.
For ATM customers, Cryptera offers a licensed XFS Service Provider designed to bring effectiveness and simplicity when integrating PIN entry devices in ATM applications.
Likewise, for the Unattended segment, the Cryptera Protocol will ease the integration in kiosks with both Windows and Linux system.
Cryptera delivers an integration package together with test devices comprising integration guide, command specification, scripts, etc.