Payment Card—Key Management, Security, and Design

Let’s learn about the key management, main security issues, and design considerations related to payment cards.

Payment card key management

We now briefly review some of the main key management issues relating to the cryptography employed by payment cards. We exclude mobile payments from this discussion, since their key management is more complex and varied.

Key management system

While the cryptography used by magnetic stripe cards is entirely symmetric, EMV uses a hybrid of symmetric and public-key cryptography. While PCOs allow issuing and acquiring banks to manage the keys of their customers, the PCOs provide overarching key management services that link up these banks and facilitate secure transactions.

The model depicted in the illustration below, which underlies payment card transactions, is essentially the same as the connected certification model we presented in the ‘Public Key-Management Models’ chapter. As we argued earlier, this model is suitable for public-key certificate management across a large distributed organization. It is thus a good model to adopt given the distributed nature of a PCO’s network of banks.

Get hands-on with 1200+ tech skills courses.