Encryption in Payment Systems – PCI PIN Security and Point to Point Encryption (P2PE)

Course Description

This two day class provides interactive, hands-on training focused on how to securely deploy and manage encryption keys and hardware used in payment systems that support online PIN debit and PCI Point to Point Encryption (P2PE).  The class consists of lectures, workshops, and hands on demonstrations involving hardware security modules (HSMs) and point of interaction (POI) devices such as payment terminals, mPOS terminals and encrypting PIN pads (EPPs).

Location and Date

  • Dates and Locations to be Announced

Agenda

Day 1

  • Introduction
  • PCI PIN Security Requirements, TR-39 and PCI Point to Point Encryption (P2PE)
  • Encryption from ancient Greece to the present
  • Types of encryption keys used in payment systems
  • Encryption workshop (creating encryption keys, encrypting and decrypting messages)

Morning Break

  • Key management lifecycle
  • Management of encryption keys
  • Policies, procedures, forms and logs
  • Key management workshop
Lunch Break
  • High level payment network architecture, topology and definitions
  • Acquirers and issuers
  • Switches and payment gateways
  • Network architecture workshop
Afternoon Break
  • PTS HSM and FIPS 140-2
  • Hardware Security Modules (HSMs) for transaction processing
  • Key management devices (KMDs)
  • Local and remote HSM management
  • Hands on HSM workshop

Day 2

  • Key injection facilities (KIFs)
  • Key loading devices (KLDs) and key signing devices (KSDs)
  • KIF workshop
Morning Break
  • PTS PIN Security
  • Point of Interaction (POI) payment devices
  • PEDs, SCRs, mPOS, EPPs
  • Key injection device workshop
Lunch Break
  • Certification and registration authorities
  • Remote key loading (RKL) for ATMs
  • Remote key loading for mPOS devices
  • Remote key loading workshop
Afternoon Break
  • mPOS and the changing landscape
  • Summary
  • Q&A session
  • Class evaluation

Fees

The fee for the class is $995.  The fee entitles the registrant to attendance at the two day class, copies of all workshop handouts, a PDF version of the class material, and up to two hours of post class consulting assistance via phone and email.

Registration

Email sales@k3des.com to request information and to register for the class.

About the Primary Instructor

Jim Richardson, the president of K3DES, has 24 years of practical experience with encryption for payment systems.  He played a key role in developing the first PIN security programs and the first PIN security training program.  Jim has performed encryption consulting, training and assessments for major payment switches, acquirers, processors, payment gateways, key injection facilities and certification authorities globally.

About K3DES, LLC

K3DES was founded in 2002 and is focused on the security of payment systems.  Visa has  approved K3DES as a Visa PIN Security Assessor (SA) firm.  K3DES is approved by the PCI Security Standard Council as a PCI DSS QSA, PA DSS QSA and P2PE QSA and for PCI PIN training.  K3DES has extensive global experience with payment processors, switches, gateways, remote key loading, certification authorities and key injection facilities.