An e-payment consortium established by ACI Worldwide, Diebold, Thales e-Security and VeriFone has published a draft security specification proposing the first global interoperable method of triple DES session key management.
3DES is a key encryption algorithm designed to prevent fraud for PIN-based debit transactions initiated at ATMs and POS terminals. While standards currently exist for 3DES master key management and 3DES DUKPT (Derived Unique Key Per Transaction), there is a lack of standards for session key management. Without standards, each vendor is required to develop proprietary implementations, placing an added interoperability burden on the systems that must transport session keys.
The e-payment consortium is working to create a global 3DES specification to enhance interoperability among the elements of an end-to-end payment solution, from host software and host security modules to automated teller machines (ATMs) and point-of-sale (POS) terminals.
The consortium intends to work with leading card associations, other vendors and industry standards organisations in the United States and internationally to finalise and adopt the specification.