A modern approach to electronic payment security must embrace multilevel protection, as well as effectively combine proactive and reactive measures. The main threats that are present in the e-payments industry today can be summarised into four broad groups:
As it is well known, to enable a secure cryptographic system, financial institutions need Host Security Modules (HSM). The TranzWare products and solutions support several HSM types and to access these devices the TranzWare applications use a standard interface – TranzWare Online CryptoServer. Such an approach allows HSM functionality to be available to a wide range of different applications and also allows to “hide” from them what specific device they communicate with. TranzWare Online CryptoServer (TWO CS) supports HSM8000 and payShield 9000 lines by Thales e-Security, some Atalla models and products supplied by SafeNet - ProtectServer and ProtectHost lines. All low-level aspects of the implementation are performed by TWO CS itself, whereas client applications (such as TranzWare Card Factory) refer to the module only with business-logic level requests, for example calculation of PVV and PIN. TWO CS can be easily integrated with third party applications.
Although TWO CryptoServer can help to significantly enhance security there is still a problem of managing cryptographic keys, especially in the systems that have hundreds or thousands of devices. Compass Plus has developed TranzWare Online Key Management System (TW KMS) to address this specific problem. Implementing this module can considerably simplify the work of staff dealing with the cryptographic keys, therefore, reducing human error and improving security. The system facilitates automatic generation of cryptographic keys as it includes the following capabilities:
Additionally, TWO KMS monitors the entire lifecycle of cryptographic keys.
The system is closely integrated with TranzWare Online (front office system) and therefore, enables the following:
Unfortunately not all areas of a payment system can be protected by cryptography, where one of the most obvious examples is remote banking. These are characterised by Card Not Present transactions, absence of a device that can perform cryptographic function and store cryptographic keys, as well as by data being transferred over public networks. Introducing cryptographic protection systems in this case is, although possible, still leaves them vulnerable, immobile, requiring investment in certain software or even hardware from the customer’s side. Also such system organisation cannot be applied to phone banking.
To address this problem and offer enhanced security features, TranzWare Online offers a comprehensive multi-factor authentication without having to use costly hardware on the user’s side. An example of multi-factor authentication can be a combination of a static password (something the user knows) and single-use passwords (dynamic passwords) list. TranzWare Online allows a client application (e.g. TranzWare Internet Banking – remote internet banking solution or TranzWare Online FIMI – web interface to resources of a remote processing centre) to authenticate a user by means of freely combining different methods.
As was noted above, another security threat in the e-payments business, is fraudulent actions performed by means of lost and stolen cards. TranzWare Fraud Analyzer was specifically designed to monitor, reveal and prevent fraud and risks associated with lost and stolen cards. The system enables the following:
Today, EMV standard is no longer an idea, many European banks have completed their migration to the EMV standard and hundreds of financial institutions are well on their way. The rationale for EMV is straightforward – significant reduction in costs of card fraud and improvement in overall security of card-based transactions. The TranzWare product family has been made EMV-compliant several years ago. All the relevant products have been repeatedly successfully certified for EMV compliance. Moreover, Compass Plus offers pre-authorised cards, full M/Chip and VSDC issuing and acquiring functionality to ensure top-notch security of retail banking business.
TranzWare Online also supports EMV DPA/CAP technology. Compass Plus and their technological partners - Gemalto, VASCO Data Security and VISA were the first companies to launch a product based on the EMV CAP technology in Russia as well as in the CEMEA region.
Additionally, TranzWare e-Commerce – an integrated 3D Secure protocol compliant solution further extends the security features offered by the TranzWare product family by means of enabling secure use of payment cards on the Internet. It provides a host-to-host interaction with issuers and acquirers as well as Visa and Mastercard networks. The product performs authentication of electronic transactions in compliance with 3D Secure (Verified by Visa and SecureCode) standard and allows customer identification from an issuer’s as well as acquirer’s side. Above all, the solution is designed to be suitable for issuers as well as acquirers and its ACS and MPI modules (for issuers and acquirers respectively) are independent of each other and as such can be supplied separately. TranzWare e-Commerce has been successfully certified for compliancy with 3D Secure and is a part of Verified by Visa and Mastercard SecureCode programmes.
Additionally, features such as user and session monitoring and auditing as well as access right control are embedded into all TranzWare modules to enhance security within an organization and reduce risks associated with abuse of authority delegated to financial institution personnel.