Utimaco, a cybersecurity and compliance solutions provider, leverages cryptography in developing solutions that ensure the security of digital banks.
Apart from encryption, which is the most common method that data are strongly protected, Utimaco also utilizes tokenization which further protects sensitive data such as credit card numbers or bank account details.
Tokenization transforms the information into an indistinguishable set of characters referred to as tokens. If stolen, tokens present no value without the tokenization system.
Utimaco has a roster of products and services that cut across the different requirements of banks. The provider’s Hardware Security Modules (HSMs) manage cryptographic keys in a secure domain during transactions, which it believes is crucial for data collected by banks and other financial institutions.
“Now that banking transactions are increasing; data security and identity protection are more at risk from cybercriminals,” said Deval Sheth, managing director for Asia Pacific at Utimaco. “This makes HSMs vital to the key parties in the data ecosystem.”
According to Utimaco, the chip for EMV transactions in its payment card serves as a micro-portative HSM for a card owner. However, for the merchant side, the use of HSMs depends on the scale and nature of a business. Smaller vendors can rely on point-of-sale (POS) terminals built with secure memory and cryptographic hardware that can act as HSMs. Major retailers, on the other hand, would require network-attached HSMs to ensure secure transactions.
The issuing bank needs robust HSMs to generate, protect, and manage the keys to activate and process payment cards. For the acquirer, HSMs handle all the merchant’s financial channel keys and process the cryptographic flow in the issuer’s direction.
Utimaco offers HSMs that can securely process transactions in the financial industry. One of these devices is the Atalla AT1000, a FIPS 140-2 Level 3 and PCI PTS v3 certified payment HSM.
“The Atalla AT1000 can secure critical data and associated keys for non-cash payment transactions in retail, cardholder authentication, and cryptographic keys of payment service providers, acquirers, processors, issuers, and even payment networks,” explained Sheth.