Friday, June 21, 2024

Hardware-based security is future of banking, says Utimaco

Banks and financial service institutions (FSIs) are responsible for protecting consumers’ critical data to avoid economic and reputational loss in today’s digital world. However, existing infrastructures continue to evolve as the industry digitalizes, and more consumers are now using digital platforms for their daily transactions.

Deval Sheth, managing director of Utimaco Asia Pacific (left) and Edward Law, CEO and executive director of Securemetric

The Bangko Sentral ng Pilipinas (BSP) warns that such situations risk data security and identity protection. To address this issue, Utimaco, a global platform provider of trusted cybersecurity and compliance solutions, partnered with Securemetric and Coreware Technology to organize an event titled “Building a Foolproof Infrastructure in Today’s Digital Banking World”.

Utimaco develops on-premises and cloud-based hardware security modules, solutions for key management, data protection, and identity management, as well as data intelligence solutions. The company’s mission is to “Create Trust in the Digital Society” by providing certified and innovative security solutions.

The firm is headquartered in Aachen, Germany, and Campbell, California, USA, with additional offices in Italy, the UK, and Singapore, as well as a strong worldwide partner network. The company operates in two highly specialized areas of the global cybersecurity market: “Information Security” and “Telecom Solutions.”

Utimaco’s event aimed to provide insights and best practices to ensure a guarded digital future. The event’s C-suite executives shared their expertise to help banks and FSIs combat fraud and financial crime, maintain connectivity of systems, and protect against security threats while maintaining customer trust.

The discussions highlighted the “Four-Party Model” – a common model used in card payment systems. It involves four key entities: the cardholder, the merchant, the issuing bank, and the acquiring bank. The cardholder is the consumer who uses a payment card provided by a bank or other financial institution to make purchases, while the merchant is the business or individual who receives card payments in exchange for products or services.

Automated teller machines (ATMs) also belong to this category as they accept payment cards. The issuing bank provides payment cards to the card owner on behalf of the card networks, and the acquiring bank receives payment from the cardholder and pays the issuing bank according to the contract terms. The acquiring bank is a financial institution that contains the merchant’s bank account and enables merchants to accept payments from any issued card.

The payment industry uses cryptographic methods such as encryption and tokenization to protect consumers’ private information during transactions. Encryption involves an algorithm that alters the data into an unrecognizable form known as ciphertext, which can be decrypted with a key.

On the other hand, tokenization transforms the information into an indistinguishable set of characters referred to as tokens. If stolen, tokens present no value without the tokenization system. Both methods help prevent hacking or unauthorized access and are often used interchangeably. While tokenization is more suitable for smaller pieces of data, encryption can safeguard full documents by encrypting the stored information.

Utimaco offers a range of products for payment systems, including PaymentServer, which is specifically designed for payment cards and payment transaction processing. The company’s payment security solutions address the changing security landscape of the payment industry, from issuing a PIN number to processing online payments.

Utimaco’s hardware security modules (HSMs) are also suitable for payment use cases, such as PCI-compliant payment card processing, bank card issuing, and more. Additionally, Utimaco’s payment security solutions cover both traditional payment methods such as ATMs and POIs, as well as non-card-based payment methods such as smartphones or IoT.

HSMs are physical computing devices that create, protect, and manage cryptographic keys in a secure domain during transactions. HSM applications differ depending on the four key parties of the data ecosystem.

For card owners, the EMV chip in the payment card serves as a micro-portable HSM. For merchants, on the other hand, the use of HSMs depends on the scale and nature of their business. Smaller vendors can rely on point-of-sale (POS) terminals built with secure memory and cryptographic hardware that can act as HSMs. However, major retailers would require network-attached HSMs to ensure secure transactions.

“HSMs are essential to protect the ciphered transactions across the four corners of the data ecosystem. It acts as a safe in a financial institution’s network and houses the keys needed to decrypt consumers’ critical data. Now that banking transactions are increasing, data security and identity protection are more at risk from cybercriminals. This makes HSMs vital to the key parties in the data ecosystem,” said Deval Sheth, managing director for Asia Pacific at Utimaco.

Utimaco is a known provider of HSMs that process transactions in the financial industry. One of these devices is the Atalla AT1000, a FIPS 140-2 Level 3 and PCI PTS v3 certified payment HSM. The Atalla AT1000 is designed for secure and compliant non-cash retail payment transactions and cardholder authentication, providing superior hardware security.

NayaPay, a digital payment services platform and e-money company in Pakistan, is among the financial institutions that have integrated this HSM to secure customers’ data, identities, and finances while adhering to compliance and regulation standards. After integrating Atalla AT1000, NayaPay gained robust and flexible protection at every transaction, cut the cost of ownership through consolidated HSM infrastructure, and met security and compliance requirements.

“The Atalla AT1000 can secure critical data and associated keys for non-cash payment transactions in retail, cardholder authentication, and cryptographic keys of payment service providers, acquirers, processors, issuers, and even payment networks,” added Sheth. 

