NetMATRIX (Multi-Application Transaction Routing and Identification eXchange) Terminal Line Encryption is the complete solution for banks wishing to introduce terminal line encryption into their existing POS network infrastructure.
1. Multi-box, high-performance, high-availability, load-balancing architecture
2. Multi-host links: Performs smart routing to multiple hosts
3. Multiple channels: dial-ups, lease lines, GPRS, broadband
4. End-to-end encryption (E2EE) featuring multiple encryption algorithms: TEA, DES, 3DES, AES
5. Upstream/Downstream encryption
6. Multiple MACing algorithms: X9.9, X9.19, SHA-1 + X9.9, SHA-1 + X9.19
7. Multiple key management schemes: Unique key per terminal, unique key per transaction
8. Supports different messaging formats (full message encryption, selected field encryption)
9. Local and remote secure key injection capabilities
10. Supports leading terminal brands and models
11. PCI compliance
With NetMATRIX TLE, we addressed network security and fraud threats with a plug-and-play solution that requires no host changes. In providing critical capabilities such as remote key injection and management, NetMATRIX also addresses other administration and deployment issues such as mixed terminal environments, phased deployments, and key changeovers.
Despite its holistic approach to security and encryption, it is also scalable and highly available to meet the demands of mission-critical, high-volume transaction processing environments, providing 3-in-1 functionality: a combination of Switching NAC, Concentrator NAC and TLE.
Similar to NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES, End-to-end encryption (E2EE), Multiple MACing algorithms, Local and remote secure key injection
4. Payments: The story so far… “… Globally, the drive to increase (card) payments efficiency and security is relentless…” “… Globalisation is increasingly emphasising the need for widely accessible, seamless, & secure ways of effecting non-cash payments to facilitate consumer spending, and to reduce fraud and money laundering.…” “… More efficient, effective systems could also help lessen systemic risk & potentially provide a source of additional retail revenue for banks.…”
5. Vietnam embraces the electronic era “… Vietnam is regarded by the global banking industry as one of the most fertile growth hotspots in the world, particularly for cards and electronic payments….” VRL Financial News, October 2009
6. Security: The story so far… “… increased incidences of ATM and card skimming.…” “… the need to reassure cardholders about the safety and security of card transactions.…” “ Statistics from 2007 show the level of payment card fraud in Vietnam stood at 0.15 percent of total card payments, a much higher level than the global average of 0.06 percent.”
7. E2EE: What is it? Computer Desktop Encyclopedia “… is defined as the continuous protection of the confidentiality and integrity of transmitted information by encrypting it at the origin and decrypting at its destination.…”
10. Encryption (en·cryp·tion /-'krip-sh&n/): In cryptography, encryption is the process of transforming information to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information. (Wikipedia)
11. Message Authentication Code: MAC-ing is the process of “fingerprinting” data to allow any tampering to be detected, where the fingerprint is encrypted so that only the Sender/Receiver can form a real MAC, thus allowing the receiver to authenticate & verify the message.
28. Payments: The story today… Source: BNM, 2009 Financial Stability and Payment Systems Report 2008
29. Payments: The story today “… (card fraud) losses continued to be insignificant, accounting for less than 0.04% of total card transactions during the year.”
35. NetMATRIX Terminal Line Encryption: NetMATRIX TLE (Terminal Line Encryption) is a plug-and-play solution for banks who wish to introduce terminal line encryption into their POS network infrastructure.
41. [Diagram: “Typical” Transaction Flow. Labels: EDC Terminals, Remote NAC, Switching NAC, Acquiring Bank, Acquiring Host, Issuing Bank Host, NetMATRIX; Credit Card Host NII: 160; 160 Message.]
42. [Diagram: Encrypted Transaction Flow. Labels: EDC Terminals, Remote NAC, Switching NAC, NetMATRIX, Acquiring Bank, Acquiring Host, Issuing Bank Host; Credit Card Host NII: 160; NetMATRIX TLE NII: 161; 161 Enc Message; 160 Enc Message.]
43. [Diagram: Encrypted Transaction Flow II. Labels: EDC Terminals, Remote NAC, Switching NAC, NetMATRIX, Acquiring Bank, Acquiring Host, Issuing Bank Host; Credit Card Host NII: 160; NetMATRIX TLE NII: 161; 161 Enc Message; 160 Enc Message.]
44. NetMATRIX: How it Works (diagram labels: Terminal, NAC, NetMATRIX, Data Center, Host). Steps: (1) Terminal: encrypt selected fields in transaction. (2) Decrypt & validate transaction. (3) Reform to original message. (4) Send to Host. (5) Response from Host. (6) Encrypt & MAC response. (7) Decrypt & validate response message.
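Steps 1 to 3 of the "How it Works" slide, together with the NII 161 to NII 160 rerouting from the flow diagrams, as an added example that is not GHL's code or message format. It assumes a Python dict in place of an ISO 8583 message, hypothetical field names, HMAC-SHA-256 standing in for both the field cipher and the X9.x MAC, and per-transaction keys derived from terminal ID and STAN.

```python
import hashlib
import hmac
import json

NII_TLE, NII_HOST = "161", "160"   # NII values shown on the slides
SENSITIVE = ("pan", "track2")      # assumed choice of fields for selected-field encryption

def txn_keys(terminal_key: bytes, tid: str, stan: str):
    """Unique key per transaction: derive (enc_key, mac_key) from TID and STAN."""
    seed = f"{tid}|{stan}".encode()
    return (hmac.new(terminal_key, b"ENC|" + seed, hashlib.sha256).digest(),
            hmac.new(terminal_key, b"MAC|" + seed, hashlib.sha256).digest())

def _xor_stream(key: bytes, label: str, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA-256 counter keystream (also decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, f"{label}|{i // 32}".encode(), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def _mac(key: bytes, msg: dict) -> str:
    body = {k: v for k, v in msg.items() if k != "mac"}  # MAC covers every other field
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def terminal_encrypt(msg: dict, terminal_key: bytes) -> dict:
    """Step 1: encrypt selected fields, address the message to the TLE NII, add a MAC."""
    enc_key, mac_key = txn_keys(terminal_key, msg["tid"], msg["stan"])
    out = dict(msg, nii=NII_TLE)
    for f in SENSITIVE:
        out[f] = _xor_stream(enc_key, f, msg[f].encode()).hex()
    out["mac"] = _mac(mac_key, out)
    return out

def tle_intercept(wire: dict, key_store: dict) -> dict:
    """Steps 2-3: validate the MAC, decrypt, reform the original message for the host NII."""
    enc_key, mac_key = txn_keys(key_store[wire["tid"]], wire["tid"], wire["stan"])
    if not hmac.compare_digest(wire.get("mac", ""), _mac(mac_key, wire)):
        raise ValueError("MAC check failed: message rejected before decryption")
    clear = {k: v for k, v in wire.items() if k != "mac"}
    for f in SENSITIVE:
        clear[f] = _xor_stream(enc_key, f, bytes.fromhex(wire[f])).decode()
    clear["nii"] = NII_HOST
    return clear

# Constructed sample data: test PAN, made-up terminal ID and key.
KEYS = {"T0000001": bytes(range(16))}
TXN = {"nii": NII_HOST, "tid": "T0000001", "stan": "000123", "amount": "000000001000",
       "pan": "4111111111111111", "track2": "4111111111111111=30121010000000000000"}
```

The MAC also covers the cleartext fields, so a change to the amount in transit is rejected even though the amount is not encrypted. A STAN wraps around, so a deployed unique-key-per-transaction scheme needs a counter that never repeats under the same terminal key.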
48. Our Mission To be the leading end-to-end payment services enabler in the Asia-Pacific region, deploying world-class payment infrastructure, technology and services
55. Customer References: Philippines, China / Hong Kong, Middle East, Romania, Asia/Pacific, Australia / New Zealand, Thailand
56. Thank you Alex Tan Vice President – International Sales [email_address]
Editor's notes
Mixed environment: Mix of encrypting / non-encrypting terminals; Different terminal vendors; Different terminal capabilities; Coexistence of multiple encryption schemes
Deployment Issues: Terminal Key Injection; Phased Rollout
Security: Holistic treatment of Security? Procedures, Processes, technology; Addresses other possible attacks? Understanding of possible attacks & risks? Terminal key storage?
Performance: Scalability; Impact on host performance; Impact on terminal performance
Terminal Implementation: Simplicity of terminal implementation; Multi vendor implementation
Impact on current infrastructure: Host changes? Network & terminal changes? Stability? Robustness? Performance? Response time?
Impact of future changes: Changes in message formats; Different message versions; Shared Network; Tag-on terminal applications
Future requirements: Multiple hosts & applications; Different channels
Cost: Return on investment
GHL’s Interception based approach Introduction to Key Features slides
Does chip effectively prevent counterfeit fraud? The fraud statistics (Figure 1) for Malaysia clearly show the strong inverse relationship between increasing chip maturity and declining counterfeit fraud.
First & foremost, let us establish some of the facts before us…. Collection began in 2002 – contrast numbers: 20,733.5
NetMATRIX TLE - Terminal: NetMATRIX TLE comes with SDK for terminal; Secure key storage for terminal; Guards against terminal-to-terminal copy; Local & Remote key injection capability
NetMATRIX TLE – Host-side: Plug N Play – Minimal change to infrastructure, no host changes; 3-in-1 functionality – Digital SNAC, CNAC, TLE; Form factors – Boxed solution; Key Storage – HSM-based or Software-based (option); Selected-Field-Encryption (SFE), Full-Message-Encryption (FME); Multiple encryption algorithms: DES, 3DES, AES, TEA; Multiple MACing algorithms: SHA-1+AES, SHA-1+RMAC; Multiple key usage methodologies – unique-per-term, unique-per-txn; Multiple hosts support; Multiple key groups – different apps/vendors can have different keys; Multiple channels – dial-up, lease line, GPRS, GSM, broadband, etc.; Supports upstream & downstream encryption & MACing; High-performance, high-availability, horizontal scalability (120 tps, 200 tps); ISO8583 compliant – will support any compliant NAC; Utilities – Local & remote key injection utility; Extensible – Can be used for other applications
The NAC sends transactions to the NetMATRIX farm. The NetMATRIX farm uses a load-balancing service across the farm of machines, so that all these machines share the same virtual IP address. The NAC will try to establish a connection with this virtual IP address, and one of the NetMATRIX boxes will accept this connection request; thereafter, the NAC will have a persistent connection with this one box. Transactions from the NAC will subsequently be funneled through this connection and reach this primary NetMATRIX machine. The NetMATRIX box will then distribute these transaction messages to various other boxes in the farm for processing. Transaction load: > 120 tps = 7,200 tpm = 432,000 tphr = 10.3 million tpd = 311 million tpmonth