Comprehensive Security Solutions
The security solutions developed by Far Point cover many areas of technology. From database encryption to secure transport to key protection and management, we have the in-depth experience to implement and turnkey a multitude of security needs.
Our encryption experience includes:
- Advanced Encryption Standard (AES) – including AES-128, AES-192, and AES-256
- Data Encryption Standard (DES) as well as Tripe-DES
- Microsoft Transparent Data Encryption (TDE)
Over the years, we have utilized each of these encryption methods in conjunction with Microsoft SQL Server to facilitate security of sensitive data that complies with client-specific or compliance mandated requirements.
Payment Processing Security Solutions
Hardware Security Module
Far Point’s proprietary network-based Hardware Security Module (HSM) control software provides a variety of capabilities that are useful to many industries, such as credit card acquirers and issuers. Our software allows relatively low cost HSM boards to be installed in available servers and addressed across a local network, without the need for a more expensive network based hardware appliance. The solution supports the latest hardware implementations and is fully Triple-DES compliant.
Key Component Generation and Injection
We have developed software utilities that generate random key components for a variety of different key types.
- When used within a secure environment, these utilities are fully compliant with Visa security guidelines.
- Each generated key component is held by a separate custodian for storage and conveyance.
- Additional utilities permit received key components to be entered and combined within the HSMs, once again within a secure environment.
Far Point provides software tracks usage of PIN encryption keys by individual devices and enforces automatic key changes for Session keys in a Master-Session environment.
PIN Block Translation
Our software can perform PIN block translation (converting an encrypted PIN from one key set to another) for received debit card transactions before the transaction is forwarded from the Gateway to the target authorizer. The software can translate between different key sets of the same type, or between Master-Session and DUKPT (both directions) or between single and Triple-DES systems.
Most Gateway systems deploy terminal devices with the PIN encryption keys of the target authorizer injected. This means that moving from one authorizer to another requires a physical re-injection of the device. With our system, a Gateway owned key can be injected, and PIN blocks are translated on the way through to the destination authorizer using their keys. Effectively, this means that an entire terminal base could be migrated from one authorizer to another without touching the physical PIN entry devices.
PIN Generation and Verification
Additional Far Point developed software modules generate PINs for cards on behalf of the card issuer. Cardholder and PIN information can be output in a secure encrypted file format for delivery to a service bureau for creation and distribution of PIN mailers. The PIN offsets are managed by the software in a database, and additional software components manage Customer Selected PIN (CSP) features. The Far Point developed software uses this information to verify the PIN for proprietary card transactions