Connect with us

Hi, what are you looking for?

HEADLINES

Utimaco, Securemetric Technology highlight best practices to ensure data security

How can organizations secure data infrastructure in today’s digital banking world? And what is the current data ecosystem?  

In today’s digital world, banks and financial service institutions (FSIs) are responsible for protecting consumers’ critical data to avoid economic and reputational loss. However, existing infrastructures continue to evolve due to the  industry’s digitalization, and more consumers are now utilizing digital platforms for their daily transactions. According to the Bangko Sentral ng Pilipinas (BSP), such situations risk data security and identity protection. 

How can organizations secure data infrastructure in today’s digital banking world? And what is the current data ecosystem?  

In an event organized by Utimaco, a global platform provider of trusted cybersecurity and compliance solutions, in partnership with Securemetric and CorewareTechnology, titled ‘Building a Foolproof Infrastructure in Today’s Digital Banking World,’ Utimaco leaders shared insights and best practices to ensure a guarded digital future.

Understanding the data ecosystem  

Advertisement. Scroll to continue reading.

Card payment systems usually use what is commonly known as the “Four-Party Model.” This involves the cardholder, a consumer with a payment card provided by a bank or other financial institutions, and the merchant, a business, or an individual who receives card payments in exchange for products and services. Automated Teller Machines (ATMs) belong to this category as they accept payment cards.  

Key parties also include the issuing bank, which provides payment cards to the card owner on behalf of the card networks. In this model, the issuer is the one who pays the acquiring bank for the purchased products and services by the cardholder, who then pays back the issuing bank according to the contract terms.   

Lastly is the acquiring bank. It is a financial institution that contains the merchant’s bank account. Contracts with the acquirer enable merchants to accept payments from any issued card. While the model is simple, the four parties exchange critical data, which can be at risk if not secured.  

Using cryptographic methods for data security  

The industry uses cryptographic methods to protect consumers’ private information when stored or in motion online during a transaction. This includes encryption and tokenization. The former involves an algorithm that alters the data into an unrecognizable form known as ciphertext, a decryptable with a key. Meanwhile, the latter transforms the information into an indistinguishable set of characters referred to as tokens. If stolen, tokens present no value without the tokenization system.  

Advertisement. Scroll to continue reading.

Role of HSMs in securing transactions  

Hardware Security Modules (HSMs) are devices to create, protect, and manage cryptographic keys in a secure domain during transactions. And HSM applications differ in the four key parties of the data ecosystem. The chip for EMV transactions in its payment card serves as a micro-portative HSM for a card owner. However, for the merchant side, the use of HSMs depends on the scale and nature of a business. Smaller vendors can rely on point-of-sale (POS) terminals built with secure memory and cryptographic hardware that can act as HSMs. Major retailers, on the other hand, would require network-attached HSMs to ensure secure transactions. 

Meanwhile, the issuing bank needs robust HSMs to generate, protect, and manage the keys to activate and process payment cards. For the acquirer, HSMs handle all the merchant’s financial channel keys and process the cryptographic flow in the issuer’s direction. 

“HSMs are essential to protect the ciphered transactions across the four corners of the data ecosystem. It acts as a safe in a financial institution’s network and houses the keys needed to decrypt consumers’ critical data. Now that banking transactions are increasing; data security and identity protection are more at risk from cybercriminals. This makes HSMs vital to the key parties in the data ecosystem,” said Deval Sheth, Managing Director for Asia Pacific at Utimaco.  

Protecting payments with Utimaco  

Advertisement. Scroll to continue reading.

Utimaco offers reliable HSMs that can securely process transactions in the financial industry. One of these devices is the Atalla AT1000, a FIPS 140-2 Level 3 and PCI PTS v3 certified payment HSM. Among the financial institutions that integrated this HSM is a digital payment services platform and an e-money company in Pakistan called NayaPay.  

With this, the financial institution aims to secure customers’ data, identities, and finances while adhering to compliance and regulation standards. After integrating Atalla AT1000, NayaPay gained robust and flexible protection at every transaction, cut the cost of ownership through consolidated HSM infrastructure, and met security and compliance requirements, among others.  

“The Atalla AT1000 can secure critical data and associated keys for non-cash payment transactions in retail, cardholder authentication, and cryptographic keys of payment service providers, acquirers, processors, issuers, and even payment networks,” added Sheth.  

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Delta will feature automation technologies for production efficiency, energy infrastructure to support electrification, and clean energy solutions to reduce carbon emissions.

HEADLINES

The Open Enterprise Linux Association (OpenELA) has published enterprise Linux sources compatible with Red Hat Enterprise Linux (RHEL) 9.5.

HEADLINES

The FarmTech training kit is composed of 10 smartphones, a tablet, a SmartBro pocket Wi-Fi with Smart prepaid load cards, an outdoor projector and...

HEADLINES

PLDT and Smart's Technolab serves as a facility for the exploration and testing of new and upcoming network technologies and solutions, such as 6G,...

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

The event emphasized the pivotal role of PLDT Enterprise’s Managed SD-WAN and Managed Network Service for businesses striving for operational excellence and digital transformation.

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

Advertisement