Most standard card payment systems around the world utilize what is called the “Four Corners” model. This model, which is also often referred to as the “Four Party Scheme” relies on the secure environments provided by hardware security modules (HSMs) to protect the numerous cryptographic keys and cryptographic operations involved with the processes used for credit card-based payments and retail banking.
Understanding the Four Corners Model
Before delving into how HSMs are used throughout the four corners model, it is best to first understand what exactly the four corners represent in this model:
1. The Cardholder, sometimes referred to as the consumer who has a payment card from a bank and is authorized to use it. Typically, the card is directly linked to the Cardholder’s account, except in instances where the card may be a corporate credit card or fleet card provided to employees.
2. The Merchant, e.g., retail store, restaurant, or other type of business accepting card payments and often referred to as “the Acceptor. Accepting card payments for goods or services provided is the primary role the Merchant plays in the Four Corner Model. An ATM may also be considered a merchant because it accepts payment cards.
3. The Issuer, typically a bank that issues the payment card to the Cardholder. The payment card that is issued may be one of three different types:
- Debit card
- Credit card
- Prepaid card
These cards are provided on behalf of specific card payment network, such as Mastercard, Visa, American Express, Discover, Europay, or JCB.
4. The Acquirer, usually a bank or other financial system that provides the tools needed for the Merchant to process payment card transactions, including hardware and software. The Acquirer manages the return authorization codes produced during the transaction.
The Four Corners Model is relatively simple and involves several flows between each of its components. But behind the scenes the exchange of data between the corners needs to be protected as it travels back and forth.
Role That HSMs Play in Credit Card-Based Payment and Retail Banking
Card-based payment and retail banking transaction processes that are conducted within the Four Corners must be performed in a secure environment, such as that provided by an HSM. But what differs is how an HSM is applied throughout each of the four corners.
For a cardholder with a chipped payment card as required in EMV transactions, the chip acts as a micro-portative HSM.
Things become a little more complicated for the Merchant corner and depend on the size of the merchant and the nature of their business. A smaller Merchant may have point-of-sale (POS) terminals that are equipped with secure memory and cryptographic hardware. This hardware can act as a small HSM. However, larger retailers may operate with a hub to manage their payment terminals where they are often allowed to collect and grouped before being sent to a gateway. Such hubs require network-attached HSMs to keep the collected transactions secure.
The Issuer needs HSMs for multiple reasons, beginning with its issuance of payment cards, keys used to activate and process cards, and then managing the cryptography involved throughout its cards’ lifespan. HSMs are also used to authorize the cryptographic flow.
The Acquirer must manage all the financial terminal keys used by the Merchants and process the cryptographic flow toward the Issuer. This requires multiple robust, banking-grade HSMs.
HSMs are a must for securing the end-to-end transactions that are ciphered and must be protected regardless of which of the four corners is at work. As the number of transactions continues to increase, so does the risk of data being compromised, therefore necessitating the need for HSMs throughout the entire process.
The payment card industry data security standards
The complete process along the 4 corners is specified by the payment card industry’s standards and other standardizing bodies, i.e.
- the Payment Card Industry Data Security Standards (PCI-DSS), specifies how secure networks and systems are built and maintained, as well as how cardholder data is protected, how vulnerabilities are managed, how access control is implemented, how networks are monitored and tested and how an information security policy is to be maintained. In all these requirements, the HSMs play a pivotal role.
- the PCI PIN Transaction Security HSM (PCI PTS HSM) standard which defines the security requirements to HSMs across their entire life cycle. PCI PTS HSM is largely based on the FIPS 140-2 (Federal Information Processing Standard) by the U.S. government.
- the ANSI x9.24-1-2017 Standard, addressing and standardizing symmetric key management related to Secure Cryptographic Devices (SCD) for Retail Financial Services.
- the Common Criteria (CC), which is a globally recognized standard/certification (ISO/IEC 15408) which helps in choosing maximum security and assurance levels of HSMs.
Utimaco’s HSMs comply with all of these international security standards. They have an unmatched rate of global implementation across retail banking networks. Utimaco’s Atalla division pioneered security across the 4 corners since the 1970s. Many of Atalla’s ground-breaking innovations on HSMs, key-blocks and data protection are now included in the international payment security standards.
- Cardholder, Merchant, Issuer & Acquirer - The Four Corners Model for Payment Security and Key Management
- PTS HSM Security Requirements
- PCI Security Standards Council
- Computer History Museum
- Why does the Shift from PCI PTS v1 to v3 and PCI PIN Security Mandate a Key Block-Oriented Architecture?
- Hardware Security Modules According to ISO 13491 and the Relation to ANSI x9.24-1-2017
- What are the common criteria for hardware security modules?
Blog post by Dawn Turner.