In recent years, retail environments have faced increasing attempts of tampering and other security breaches aimed at intercepting customers' personal and financial information. Generally, the retail environment provides the customer with an interface with which to insert a payment or identification card, submitting data stored on the card's magnetic stripe, and a point-of-sale (POS) system that verifies and authenticates the information with an associated network. When a magnetic stripe card is used for these purposes, the data is typically provided from the card reader to the POS in clear text form. This allows unauthorized parties to easily intercept customer card data by tampering with the transmission line over which the information is communicated, especially if the transmission line is Ethernet or a satellite link. Once intercepted, the unauthorized parties may use the data in ways detrimental to the customer, through such means as identity theft and related misuses.
Although some systems are available to physically secure the transmission lines connecting the card reader to the POS, those same systems provide a number of limitations. In some instances, the logistics of the retail and POS systems may not allow for the transmission line to be physically secured due to environment limitations. In other instances, creating a physically secure connection between the two systems may require large amounts of time and money. A reasonable and cost-effective alternative for securing magnetic card data is not available to prevent the unauthorized interception of customers' magnetic card data communicated over the transmission line by third parties.
In typical systems, a public and private key pair may be used to secure communications between the POS and one or more of the customer interface devices. In most instances, the private key will be provided by a Root Certificate Authority (“Root CA”) and stored at the POS system. Each customer interface device may then be provided the associated public key. Depending on the implementation, each customer interface device may or may not store a trusted Root CA public key certificate. In order for this common solution to efficiently work with more than one vendor's POS servers, all vendors are required to use the same Root CA.
Advances in retail environments have resulted in secure payment modules (SPMs) having enhanced tamper-resistant and/or tamper-sensitive capabilities. For instance, when some advanced SPMs detect an attempt at unauthorized access, the cryptographical or other sensitive information stored at the SPM may be deleted or otherwise protected. Whereas previous retail environments made storage of private or sensitive information at the SPM extremely vulnerable to unauthorized parties, advanced SPMs provide a higher level of security allowing for the sensitive information to be stored in the module.