Payment Card—Key Management, Security, and Design

Let’s learn about the key management, main security issues, and design considerations related to payment cards.

We'll cover the following

Payment card key management
Payment card security issues
Payment card cryptographic design considerations

Payment card key management

We now briefly review some of the main key management issues relating to the cryptography employed by payment cards. We exclude mobile payments from this discussion, since their key management is more complex and varied.

Key management system

While the cryptography used by magnetic stripe cards is entirely symmetric, EMV uses a hybrid of symmetric and public-key cryptography. While PCOs allow issuing and acquiring banks to manage the keys of their customers, the PCOs provide overarching key management services that link up these banks and facilitate secure transactions.

The model depicted in the illustration below, which underlies payment card transactions, is essentially the same as the connected certification model we presented in the ‘Public Key-Management Models’ chapter. As we argued earlier, this model is suitable for public-key certificate management across a large distributed organization. It is thus a good model to adopt given the distributed nature of a PCO’s network of banks.

Get hands-on with 1200+ tech skills courses.

Introduction

Basic Principles

Historical Cryptosystems

Theoretical versus Practical Security

Symmetric Encryption

Public-Key Encryption

Data Integrity

Digital Signature Schemes

Entity Authentication

Cryptographic Protocols

Key Management

Public-Key Management

Cryptographic Applications

Cryptography for Personal Devices

Control of Cryptography

Mathematics Appendix

Closing Remarks

Payment Card—Key Management, Security, and Design

Payment card key management

Key management system