Key Bundling Integration

Changes are underway in the banking and payments industries as providers look to improve the security of their underlying systems. One noteworthy example is an approaching mandate, from Visa and the PCI Security Standards Council, for all financial institutions and FI processing companies that use the Visa network to implement structures called key blocks or “key bundling”, which introduces a totally new format with added security and key usage enforcements for symmetric cryptographic keys.

The transition to key bundling is no easy task. Significant effort will be needed to comply with the requirements, and many organizations lack the unique expertise necessary to implement the required changes in a short amount of time.

To get started, there are several important questions your organization should consider as you investigate the changes needed for compliance, including:

  • Is your current transaction software vendor taking care of this? Is there an established date of delivery for the key bundling upgrade release? Who do you contact to find out?
  • How many DES keys are there for your situation?
  • What are each of these keys used for?
  • What types of key blocks are currently in use? Which keys, and at what stage of the transaction are they needed?
  • Will the current Host Security Module (HSM) handle the new commands needed to meet the PCI/Visa requirements?
  • Are modifications required for your HSM security settings?
  • Will there be a need to purchase new licensed capabilities for the HSM? How much will it cost and is budget request needed for this expense?

Answering these questions and implementing necessary changes will be a major undertaking. Consequently, many FIs will need help from partners, leaning strongly toward a small subset of experienced and trusted partners.

The good news is that Trusted Security Solutions, with over 20 years of experience, is an established and proven authority in this field of expertise and has earned the trust of FIs and processors needing compliant security and cryptographic key management. Today TSS is available to assist you with your key bundling initiatives, including offering prospective clients a low-cost solution to report where they are non-compliant and where to make changes, as well as provide meaningful data to help more accurately scope key block conversion projects.