Financial account data can be protected from unauthorized access through measures such as encryption of data within devices having hardware-based security controls. However, existing security measures, such as encrypting a personal identification number (PIN), may leave sensitive data, such as a primary account number (PAN) exposed. Existing solutions for protecting sensitive data may require application of key management schemes that differ from those used to encrypt PIN data, increasing the burden to merchants of providing security for financial data.
Merchants may protect financial account data by routing all transactions to a single destination for payment processing. However, when routing an authorization request for a transaction, a merchant may be able to select a payment processing network among multiple available payment processing networks. It may be necessary for the merchant to provide for decryption of information in the authorization request message and re-encryption of information based on the routing destination of the authorization request message. Some payment processing networks may lack an encryption solution for sensitive data. A merchant may wish to utilize the encryption measures provided by a first payment processing network while continuing to have the ability to route authorization requests to alternative payment processing networks.
Embodiments described herein solve these and other problems.