A: The Networks (Plus, Star, Pulse, Cirrus, etc.) have implemented Triple DES protocol for all ATMs by April 1, 2005. If your ATM is not Triple DES compliant, your ATM may (and eventually will) be shut off. Triple DES is a security move to help in the encryption of cardholder information to the host processor. In short the ATM will scramble the card number and pin, and the host processor will have a “key” to unscramble the information. When the translation is approved or denied the host processor will scramble (encrypt) the data and send it back to the ATM. The ATM will unscramble the info with its “key” and dispense the cash or print you a receipt. This helps in keeping your information more secure.
Q: When does my ATM have to be Triple DES?
A: The deadline with Visa was April 1, 2005.
Q: My ATM is still working, so why do I have to pay for a upgrade kit?
A: Sure its working today. But if you are not compliant, you may be shut off at any time, without notice. Some extensions have been given due to the volume of ATMs deployed. If the ATM company is not upgrading existing ATMs then you have a higher chance of getting shut off.
Q: How much does it cost to upgrade?
A: Depends. Based on your ATM, it may be a simple software download, or a part(s) replacement to be Triple DES compliant, or your ATM may not be upgradable at all, and you will need to replace the ATM. Some upgrades cost more than your machine is worth. This is why our trade-in program is so popular. Contact us for the current trade-in program details.
If you have a machine more than two years old, you will need to have it upgraded to Triple DES. If your ATM is several years old, you may need to replace the ATM to be Triple DES compliant. Go to our page and get up to $1,000.00 for trading in your old ATM.
Requirements for DES and Triple DES Keys
Data Encryption Standard (DES) is the encryption standard set by the National Bureau of Standards and released in the Federal Information Processing Standards Publication 46-2. A full explanation of this standard can be found at http://www.itl.nist.gov/fipspubs/fip46-2.htm.
Triple Data Encryption Standard (TDES), also known as TDEA (Triple Des Encryption Algorithm) is the encryption standard set by the National Bureau of Standards and released in the Federal Information Processing Standards Publication 46-3. TDES uses three sets of DES encryption to secure data. A full explanation of this standard can be found at http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf.
The procedures outlined in these standards are essentially the same:
- Key Components must be stored in a secure device (such as a safe or tamper-evident locking box) within a controlled environment.
- Key components must be kept secret during the key loading process.
- Key components must be shipped in a tamper-evident container.
- ATMs must be inspected for tampering prior to loading key components.
- If keys and/or terminal show signs of tampering, proper escalation procedures must be followed.
- Internal key loading procedures must be followed.
- Keys must be entered into the terminal using dual control (two people) split knowledge. Each key component must be loaded by a separate component holder, and bound together by the ATM device. Each key component must be properly destroyed (by custodian) immediately after key entry.
DES utilizes 16-byte keys, TDES utilized 32-byte keys
Deadlines for TDES Compliance:
MasterCard deadlines state:
- All newly installed merchant terminals and ATMs are to be TDES capable as of April 1, 2002. This includes new, used or relocated terminals.
- All terminals and ATMs by April 1, 2005
Visa deadlines state:
- All newly deployed ATMs must support TDES by January 1, 2003. This includes new, used, or relocated terminals.
- All newly deployed POS PIN devices must support TDES by January 1, 2004. This includes new, used, or relocated terminals
Star deadlines state:
- All newly deployed ATMs must support TDES by June 30, 2003. This includes new, used, or relocated terminals.
- All ATMs by December 31, 2005
NYCE deadlines state:
- All newly deployed ATMs must support TDES as of June 30, 2003
- All ATMs by December 31, 2005
Pulse deadlines state:
- All ATMs must be TDES compliant by December 31, 2005