After Triple DES, ENCASH Moves Towards PCI-DSS to Prepare for EMV

Much before the Bangko Sentral ng Pilipinas required banks to be Triple Data Encryption Standard (3DES) compliant by January 2015, the Electronic Network Cash Tellers, Inc. (ENCASH) right from 2007 ensured that the entire network, from the switch, HSM to all deployed Automatic Teller Machines (ATMs) were 100% compliant.

A critical next step for ENCASH is PCI-DSS Certification or the Payment Card Industry (PCI) Data Security Standard (DSS), whose rules specify procedures to be followed when storing, processing, and transmitting customer ATM or credit card data. ENCASH is upgrading its Transaction Processing (Switchware) Software to Release 3.12, the PCI-DSS compliant version.

As a first step towards this compliance, ENCASH recently concluded the VISA PIN Audit which evaluates the Company's equipment, technologies, and processes used in the acquiring business. The VISA PIN audit defines best practices for the Company's network and systems. Once these are in place, ENCASH's ATMs will be certified and allowed to accept VISA International Card transactions. It will also mean that VISA International Cardholders will have the assurance that ENCASH has complied with the minimum standards set by VISA to mitigate fraud.

This August the BSP released the new Information Technology Risk Management (ITRM) Framework. Compliance with the ITRM will necessitate network-wide systems upgrades, not just for ATMs nor POS Terminals, but also for switch, HSM, Debit/Credit/ATM Cards for all banks. This ensures the strengthening of the entire Philippine payment infrastructure.

By January 2017, the Europay Mastercard VISA (EMV) standard will also be a BSP requirement.EMV chip cards primarily improve security against fraud. In combination with the use of a Personal Identification Number (PIN) and cryptographic algorithms such as Triple DES, it enables secure authentication of the card to the processing terminal and the user's authorizing system.

The EMV chip card has more advantages than a magnetic stripe card, which is vulnerable to fraud through skimming. The data stolen from the magnetic stripe card can be written on another magnetic stripe which then serves as a duplicate to the original cardholder's card. In many cases, the duplicate card is used in distant locations, even in other countries.

The advantages of an EMV ATM Card are as follows:

  1. The chip-based card can store more information than the conventional magnetic stripe card.
  2. This enhanced capacity allows for the transaction-unique digital signature in the card - which is used to encrypt information on the chip.
  3. Information on the card cannot be easily skimmed because of this encryption.
  4. Withdrawal behavior may be included in transaction tracking mitigating risk of card/PIN compromise.

This enhanced cardholder verification method- together with the transaction-unique digital signature makes the chip-based card more secure than the regular magnetic stripe card - thereby protecting cardholders, issuers and merchants from fraud.

EMV is in various stages of adoption in the following locations: Europe, USA, Canada, China, Japan, Africa, Mexico, Brazil, United Kingdom, New Zealand, Middle East, Latin America, the Caribbean, South Africa, Colombia, Australia, India, and Thailand. Approximately 1.5 billion EMV cards have been issued globally and 21.9 million POS terminals accept EMV cards by the end of 2011.