PIN-related debit transactions currently are processed at merchants' locations in very secure terminals provided by companies such as VeriFone. In general, a terminal accepts a PIN code entered by a user and encrypts it, and then sends the encrypted data through a merchant's payment system. These terminals are designed to be highly secure, e.g., while operating without any connection to the terminal manufacturer.
Although the Internet has become widely available to merchants, and although many of these terminals are connected to the Internet, they nonetheless still provide complete security for PIN code encryption keys within the terminal itself. In order to process PIN codes associated with certain types of payment cards, keys are installed in the terminal in a highly secure manner, e.g., such that tampering can be detected and, upon detection of tampering, encryption keys can be voided.
The bias toward storing PIN code encryption keys on terminals, and the concomitant use of anti-tampering mechanisms, unfortunately drives up terminal costs. Similarly, the bias away from using public, widely-available networks like the Internet can impede widespread adoption of payment means capable of accepting PIN-related debit transactions.
Thus, it will be appreciated that it would be desirable to overcome these and/or other disadvantages. For instance, it will be appreciated that it would be desirable to provide secure mechanisms for processing PIN-related debit and/or other transactions, e.g., that obviate the need to “permanently” store encryption keys on terminals, make use of networks to which merchants are already connected, facilitate payment processing from an increased merchant base, and/or the like.
Certain exemplary embodiments relate to techniques of accepting PIN codes, without having encryption keys “permanently” stored on the terminal, while still complying with relevant payment industry standards. In some scenarios, this approach advantageously helps avoid the need to secure such keys on the terminal and in turn may help to reduce the cost of the terminal, while still complying with relevant payment industry standards. The ability to obviate the need to store encryption keys on the terminal also may advantageously enable transactions to be performed in connection with a potentially broader array of device types.
Payment industry standards currently specify that the data contained in the magnetic stripe of a card (referred to herein as the “track data”) cannot be present with the unencrypted PIN code in any but a highly-secured system. Certain exemplary embodiments therefore provide techniques that help ensure that such track data is always in a separate system from the PIN code data, at least until certain elements are combined in a highly secure system for submission to the electronic funds transfer (EFT) Network.
In certain exemplary embodiments, a system for securely processing payments is provided. The system including first and second separate and/or physically separated computer systems, with each of the first and second computer systems being configured to electronically communicate with an electronic device used in processing a PIN-related debit transaction, and with the transaction having an associated transaction identifier and the electronic device having an associated device identifier. The first computer system comprises at least one first computer processor and is configured to at least: receive encrypted payment instrument information from the electronic device for the transaction; decrypt the received encrypted payment instrument information; electronically transmit to the second computer system the decrypted payment instrument information, the identifier of the electronic device, and the transaction identifier; and electronically instruct the electronic device to request a PIN scrambling key from the second computer system. The second computer system comprises at least one second computer processor and is configured to at least: generate for and transmit to the electronic device a PIN scrambling key in response to a request being received at the second computer system from the electronic device; receive a scrambled PIN code from the electronic device, with the scrambled PIN code being scrambled at the electronic device using the generated PIN scrambling key; descramble and encrypt the received scrambled PIN code; and electronically transmit to an electronic fund transfer network the payment instrument information received from the first computer system and the descrambled and encrypted PIN code to securely process the PIN-related debit transaction.
In certain exemplary embodiments, a hardware security module comprising at least one processor and a memory is provided. The at least one processor and memory are arranged to cooperate to perform operations comprising: receiving encrypted payment instrument information; decrypting the received encrypted payment instrument information; determining, from the decrypted payment instrument information, that a PIN code is required. In response to the determination that a PIN code is required, the hardware security module is further configured to perform operations comprising: deleting the decrypted payment instrument information; generating for and providing to the electronic terminal a PIN scrambling key; transmitting to the electronic terminal an instruction to obtain a PIN code; temporarily holding an encrypted version of at least some of the received payment instrument information; receiving from the electronic terminal the PIN code, scrambled using the PIN scrambling key; descrambling the received scrambled PIN code; encrypting the descrambled PIN code; decrypting the temporarily held encrypted version of the at least partial payment instrument information; and electronically transmitting to an electronic fund transfer network the at least partial payment instrument information and the descrambled and encrypted PIN code to securely process the PIN-related debit transaction.
Corresponding methods and/or non-transitory computer readable storage media also are contemplated herein.
The exemplary embodiments, aspects, and advantages disclosed herein may be provided in any suitable combination or sub-combination to achieve yet further exemplary embodiments.