TR-31 what is it and how to keep up with the new regulatory required by VISA and MasterCard?

In the new environment where accelerating connectivity and increasing digital and contactless payments require being ahead of risk, therefore large international card and PCI networks have established strengthening the protection of encrypted keys in the exchange of information in the payment environment, in order to provide greater protection of sensitive data in the payment process.

But what is TR-31?

TR 31 is a method that corresponds to anS X9.24 requirements for symmetric financial services key management. Essentially, Key Blocks protect DES, 3DES and AES keys from unauthorized replacement, key replacement, or misuse of external influences. Confidential information for each key is subject to a header and binding method. This specific format allows for unique key protection, which means that each key is provided with unique information in the header that allows it to be easily distinguished and identified in a cryptographic system.

This allows the quick identification of false keys inserted by fake entities in the hope of retrieving confidential information.

How to quickly implement TR-31?

While it is key to process all internal and external connections (such as local and international networks) in your payment environment and in storing those keys in each of the operating environments, it is important to have adequate support since in multiple cases and in previous versions of the providers the specific support for this new regulatory is limited.

It is also important that the implementation is also to apply this scheme in connection with merchant hosts, point-of-sale (POS) devices, and ATMs. This requires an implementation scheme that streamlines compliance and facilitates deployment, certification, and commissioning.

At CLAI PAYMENTS® we have the experience in the TR31 import and export process, in the region where two of our customers already have this process on Power i platforms, overcoming processes not supported by hardware manufacturers in their previous versions and facilitating the integration of the process into symmetrical and asymmetric keys, such as DES, 3DES, RSA and AES , in the establishment of regulatory to the connections of major international networks such as VISA and MasterCard.

Additionally through its solutions CLAI PAYMENTS® has established tools for managing RSA asymmetric keys such as importing private and public keys, as well as the option encrypted with public keys for the call from other application formatted with length keys from 512 to 4096.

For more information please leave us your details a specialist will contact you shortly.

Want to know more?