Transaction data transported between point-of-sale endpoints and host servers over the Internet, private IP, or dial-up connections must be protected against security breaches. Threats ranging from man-in-the-middle attacks to financial details being exposed to employees and others, in transit and at rest, can have a far-reaching negative impact on customers as well as on the organization in general.
Security confidence is validated by the stringent requirements outlined by PCI. NewNet systems are PCI-DSS compliant with annual audit validation.
Protocols such as Transport Layer Security (TLS), Secure Sockets Layer (SSL) and Internet Protocol Security (IPSec) establish secure tunnels between endpoints. NewNet transport standards support includes Visa I, Visa II, TLS 1.2, SSL 3.0/TLS 1.0/TLS 1.1. Additional features include offloading the processing of TLS and SSL messages from host systems to enhance overall performance.
A variety of encryption options are available within NewNet systems. Advanced Encryption Standard (AES) is a specification for encryption that supports key sizes of 192, 256 and 512 bits. Triple DES (3DES) is a version of DES that encrypts a message three times using the DES 56-bit key, which is effectively 168-bit key encryption.
Point-to-Point Encryption (P2PE) is based on the ANSI X9.24 standards specified for Derived Unique Key Per Transaction (DUKPT) mechanisms.
Applicable NewNet systems are also compliant with PCI P2PE v2.0.
Digital certificates enhance security through the use of encrypted messages and public keys which are exchanged between sites when sending and receiving data over a network. Cryptography is used within the digital certificate process. NewNet systems support the RSA and Diffie-Hellman standards for the Digital Certificate process.
Tokenization keeps important information such as credit card data from being transmitted “in the clear” as recommended by PCI. NewNet supports tokenization by replacing a primary account number (PAN) or other sensitive data with a surrogate value called a token.
Key & Token Storage
The Federal Information Processing Standard (FIPS) outlines a cryptographic standard used for secure applications. It is recommended that encryption keys and tokens be stored within a Hardware Storage Module (HSM). NewNet systems support HSMs based upon FIPS 140-2 Level 3.