Visa, Star, MC, and other networks, in addition to the PCI Security Council, have established security requirements based on the ANSI standards. The Accredited Standards X9 Committee's TG-3 PIN Security Compliance Guideline and TG-39 Retail Financial Services Compliance Guidelines outline these provisions in a question-and-answer format.

Section 4 of the TR-39 guideline covers "general key management" for symmetric keys. It is based upon the X9.24 standard and deals specifically with managing "keys which encrypt PINs and keys which encrypt PIN encrypting keys". This standard is concerned with both keys in an ATM: not only the "B-key", which typically encrypts PINs, but also the "A-key", which is loaded initially and used to encrypt the PIN encrypting key.

The requirements this section sets out for initial ATM keys are often problematic for institutions and frequently raise issues during a security audit. Trusted Security Solutions' A98 system was developed in response to these procedures.

An institution that employs the A98 solution for establishing initial ATM keys, supplemented by appropriate key management procedures, will be compliant with all the relevant provisions addressed by TG-3 and TG-39.

Trusted Security provides documents with the main questions from the TR-39 (Sections 4 and 5) relating to ATM key management, along with suggested responses that can be made when the A98 solution is in place.

Take the test for yourself: A98 TG-3 Compliance Questionnaire (PDF, 55 KB)


