The Green Sheet, Inc

Securing Trust in the Payment Industry
By Michelle Graff

Electronic payment is built on trust - trust between the consumer and the merchant and, just as important, trust among the various parties involved in supporting payment solutions. In an increasingly uncertain environment, the key to maintaining this trust is highly sophisticated security measures.

For centuries, wherever currency has been exchanged for goods and services, some people have tried to acquire wealth dishonestly. In this regard, electronic payment is no different from any other form of payment.

As electronic payment has increased in transaction volume and dollar value over the last two decades, it has become the target of rising fraudulent activity by individuals who try to take advantage of any gaps in security.

Fortunately, fraud has been a relatively manageable problem for most of the two decades that electronic payment has been in existence because the payment industry has placed an emphasis on comprehensive and sophisticated security.

These security measures have established and maintained fundamental trust among consumers, retailers and service providers that is necessary for electronic payment to function.

Payment security is undergoing significant changes. An enhanced encryption standard called Triple DES (3DES or TDES) has been created that would require more than a lifetime of processing with current computing power to break. This technology is being combined with key-management methods such as Master/Session and Derived Unique Key Per Transaction (DUKPT).

Protecting Transaction Data

POS transaction data has long been protected by encryption techniques. These techniques use mathematical algorithms, or problem-solving procedures, and keys to scramble personal cardholder information and financial data from "clear text" into cipher text.

For most of the last 20 years, the leading encryption scheme used to protect POS transactions has been the Data Encryption Standard (DES).

Cryptographic algorithms alone are never sufficient to ensure reasonable levels of security. To achieve the necessary security, sophisticated key-management methods are required to protect the encryption key or keys used to unscramble the data.

When a transaction takes place, a key stored in a PIN pad or POS terminal is compared to one on the host system. If these match, the transaction is allowed to proceed. If not, it is rejected.

With symmetric algorithms such as DES, the same key is used to both encrypt and decrypt the transaction data. For this reason, the key must be carefully protected at all times - from the moment it is first loaded, or injected, into the PIN pad or terminal at a secure site until it is changed.

Until recently, breaking the single DES algorithm was considered either impossible or at least relatively impractical. Exhaustive attacks, where a potential thief uses a computer to try every combination of numbers until the key is discovered and the code is broken, were limited by the amount of processing power that was available.

Then, as computing power on the desktop and in the home advanced exponentially throughout the 1990s, the unthinkable entered the realm of possibility. That created the need for an even more sophisticated encryption standard, and Triple DES (3DES) was born.

Defining Triple DES

The 3DES algorithm relies on triple-length keys. Data that is to be protected is encrypted and then decrypted several times using multiple keys. The result is that these "key bundles" have stretched the compute time needed to break the code using today's computer processing power from 15 to 20 years to more than a million years. Refer to the ANSI X9.52-1998 standard for more details.

The card payment industry is rapidly adopting the 3DES algorithm as a proactive measure against potential attacks to break single DES keys. Although no major security breach under DES has ever been reported, it has been demonstrated that breaking single DES is a real threat, making a more secure encryption method a requirement.

Visa has announced that all newly deployed POS PIN acceptance devices (PIN pads and terminals) must support 3DES as of January 2004. MasterCard has required all newly installed merchant POS terminals and PIN pads to support 3DES with a minimum of double-length keys since April 2002, with processor host systems expected to be 3DES compliant in April 2003.

The Key to Secure Key Management

As previously discussed, secure key management is at the heart of reliable data security.

Keys must be kept secret to ensure the integrity of the encryption process. Key management is the method used to securely inject, change and protect the identity of these keys.

The leading key-management methods are Master/Session and DUKPT:

Master/Session: In simplest terms, a "master key" is injected into the PIN pad or terminal at a secure facility. This key is not used for encrypting or decrypting PINs; instead, it is only used to decrypt a "session," or working, key - which has been encrypted by the host using the same master key, then sent over a network to the POS terminal. This session key is the key that will be used to protect PINs and data as transactions take place.

The term "session" refers to the length of time that the key will be valid. Session keys can be changed daily or more frequently - once every eight hours, or every four hours, or every hour, for instance.
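The Master/Session exchange just described, as an added example in Go that is not part of the original article: the host wraps a freshly generated session key under the shared master key, the terminal unwraps it, and only the session key ever touches a PIN block. The double-length keys, the block-by-block wrapping and the sample PIN block are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
)

// tdes builds a 3DES cipher from a double-length (16-byte) key bundle by
// reusing K1 as K3, the usual way a double-length key is applied.
func tdes(key []byte) cipher.Block {
	b, err := des.NewTripleDESCipher(append(append([]byte{}, key...), key[:8]...))
	if err != nil {
		panic(err) // only reachable with a key that is not 16 bytes
	}
	return b
}

// ecb applies fn to each 8-byte block: a wrapped key is two blocks, a PIN block one.
func ecb(fn func(dst, src []byte), data []byte) []byte {
	out := make([]byte, len(data))
	for i := 0; i < len(data); i += 8 {
		fn(out[i:i+8], data[i:i+8])
	}
	return out
}

// HostIssueSessionKey: the host generates a random session key and returns
// it alongside the copy it sends to the terminal, encrypted under the master key.
func HostIssueSessionKey(masterKey []byte) (session, wrapped []byte) {
	session = make([]byte, 16)
	if _, err := rand.Read(session); err != nil {
		panic(err)
	}
	return session, ecb(tdes(masterKey).Encrypt, session)
}

// TerminalUnwrapSessionKey: the injected master key's only job is to recover
// the session key; it never encrypts a PIN itself.
func TerminalUnwrapSessionKey(masterKey, wrapped []byte) []byte {
	return ecb(tdes(masterKey).Decrypt, wrapped)
}

// RoundTrip runs the exchange for one session and reports whether the host
// recovers the PIN block the terminal protected under the session key.
func RoundTrip(masterKey, pinBlock []byte) bool {
	hostSession, wrapped := HostIssueSessionKey(masterKey)      // host side
	termSession := TerminalUnwrapSessionKey(masterKey, wrapped) // terminal side
	encPIN := ecb(tdes(termSession).Encrypt, pinBlock)          // terminal side
	return bytes.Equal(ecb(tdes(hostSession).Decrypt, encPIN), pinBlock)
}
```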

DUKPT: The biggest problem with transaction key schemes is the potential loss of synchronization between the host and POS terminals. If a communication error or other glitch causes a key to be missed, then the processor could reject every transaction.

To address this, Visa developed the Derived Unique Key Per Transaction (DUKPT) key-management method.

Again, in simplified terms, DUKPT creates a new key following every transaction. But rather than transporting these keys from the host to the terminals, each successive key is derived by the terminal based on elements contained in the previous transaction and a base derivation key.
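A DUKPT-style exchange, added here as an example and not taken from the article or from any vendor's product: the terminal derives a fresh key for each transaction from its base derivation key and a transaction counter, and the host re-derives the same key from the Key Serial Number (KSN) carried with the transaction, so a transaction lost in transit does not desynchronise the two sides. The derivation function, the KSN layout and the sample values are simplified assumptions, not the ANSI X9.24 algorithm.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
)

// variantMask is XORed into the BDK to derive the second half of a key.
var variantMask = [16]byte{0xC0, 0xC0, 0xC0, 0xC0, 0, 0, 0, 0, 0xC0, 0xC0, 0xC0, 0xC0}

// tdes builds a 3DES cipher from a double-length key by reusing K1 as K3.
func tdes(key []byte) cipher.Block {
	b, err := des.NewTripleDESCipher(append(append([]byte{}, key...), key[:8]...))
	if err != nil {
		panic(err) // only reachable with a key that is not 16 bytes
	}
	return b
}

// DeriveKey maps (BDK, KSN) to a unique 16-byte transaction key. Assumed,
// simplified derivation: it mirrors only the initial-key step of ANSI X9.24.
func DeriveKey(bdk, ksn []byte) []byte {
	variant := make([]byte, 16)
	for i := range bdk {
		variant[i] = bdk[i] ^ variantMask[i]
	}
	key := make([]byte, 16)
	tdes(bdk).Encrypt(key[:8], ksn)
	tdes(variant).Encrypt(key[8:], ksn)
	return key
}

// TerminalSend encrypts one 8-byte PIN block under the key for this counter
// value and returns the 8-byte Key Serial Number (terminal id + counter,
// constructed layout) that travels with the transaction.
func TerminalSend(bdk []byte, terminalID, counter uint32, pinBlock []byte) (ksn, enc []byte) {
	ksn = make([]byte, 8)
	binary.BigEndian.PutUint32(ksn[:4], terminalID)
	binary.BigEndian.PutUint32(ksn[4:], counter)
	enc = make([]byte, 8)
	tdes(DeriveKey(bdk, ksn)).Encrypt(enc, pinBlock)
	return ksn, enc
}

// HostDecrypt re-derives the key from the BDK and the received KSN alone, so
// a transaction the host never received does not desynchronise later ones.
func HostDecrypt(bdk, ksn, enc []byte) []byte {
	out := make([]byte, 8)
	tdes(DeriveKey(bdk, ksn)).Decrypt(out, enc)
	return out
}
```

The full X9.24 scheme additionally walks a chain of one-way derivations so that the terminal stores only a set of future keys and never the base derivation key itself; this simplified version does not model that.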

Don't Settle for a Shortcut in Security

Both Master/Session and DUKPT key-management methods have had to evolve to keep pace with the requirements of the 3DES algorithm. Don't settle for a shortcut. In the current payment landscape, some vendors have attempted to implement 3DES encryption using older, single DES key management protocols - especially with Master/Session.

ANSI X9, the standards committee responsible for the financial industry standards, has issued a specific warning regarding the misapplication of single DES techniques to 3DES key management. Make sure the terminals you select support the full set of requirements as outlined in the 3DES specifications.
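A check for the shortcut described above, added here as an example and not taken from the article or from the ANSI X9 standards: it rates a key bundle by the strength it actually provides (a 3DES bundle whose components repeat is single DES in disguise) and refuses to wrap a working key under a weaker master key. The rating scale and the sample block are assumptions.

```go
package main

import (
	"bytes"
	"crypto/des"
)

// BundleStrength rates a DES/3DES key bundle: 0 invalid length, 1 single DES,
// 2 two-key 3DES, 3 three-key 3DES. A double-length key is expanded to K1,K2,K1.
func BundleStrength(bundle []byte) int {
	switch len(bundle) {
	case 8:
		return 1
	case 16:
		bundle = append(append([]byte{}, bundle...), bundle[:8]...)
	case 24:
	default:
		return 0
	}
	k1, k2, k3 := bundle[:8], bundle[8:16], bundle[16:]
	switch {
	case bytes.Equal(k1, k2) || bytes.Equal(k2, k3): // two E-D-E stages cancel out
		return 1
	case bytes.Equal(k1, k3):
		return 2
	}
	return 3
}

// WrapAllowed reports whether a key-encrypting (master) key is at least as
// strong as the working key it protects; a 3DES working key under a single
// DES master key is exactly the shortcut the text warns about.
func WrapAllowed(masterKey, workingKey []byte) bool {
	m, w := BundleStrength(masterKey), BundleStrength(workingKey)
	return m > 0 && w > 0 && m >= w
}

// CollapsesToSingleDES shows by computation that 3DES under K,K,K encrypts a
// block exactly as single DES under K does.
func CollapsesToSingleDES(k []byte) bool {
	single, err1 := des.NewCipher(k)
	triple, err2 := des.NewTripleDESCipher(bytes.Repeat(k, 3))
	if err1 != nil || err2 != nil {
		return false
	}
	block := []byte{0x04, 0x12, 0x34, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF} // constructed sample
	a, b := make([]byte, 8), make([]byte, 8)
	single.Encrypt(a, block)
	triple.Encrypt(b, block)
	return bytes.Equal(a, b)
}
```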

The payment industry will continue to see efforts by unauthorized individuals to gain improper access to information and financial data. These efforts will grow more sophisticated with the never-ending expansion of computer power.

For acquirers, processors, ISOs and merchants, sophisticated new security methods and procedures help in a number of ways. Reduced fraud rates lower operating costs, putting money back into the pockets of everyone.

New customers are attracted to innovative forms of electronic payment and card-based, value-added applications as they feel more secure about the level of protection provided.

In addition, existing customers enjoy increased confidence in the industry's ability to protect personal information and safeguard funds - leading to greater customer satisfaction and long-term retention.


Michelle Graff is Director of Global Marketing for VeriFone.

© 2003, The Green Sheet, Inc.