Striata ePIN - Securely delivering bankcard PINs electronic
Published on 03 Feb 2010
“Safeguarding the customer’s PIN, from generation to distribution”
The ability to securely deliver PINs to cardholders while reducing the cost of delivery is a priority for every card issuer and financial service provider.
Sending PINs through traditional mail is costly, time consuming, and more importantly, highly insecure. Striata ePIN provides real business benefits, including improved customer service, cost savings, and peace of mind to both the cardholder and the card issuer.
Striata has been an industry leader in supplying secure document delivery solutions to financial institutions for over ten years. The Striata ePIN solution uses this same technology and functionality to provide financial institutions and other card issuers with a secure, stand-alone PIN distribution system that safeguards the PIN from generation to distribution, ensuring that only the customer has access to their PIN.
Security is at the core of all PIN based transactions. While cardholders must be cognizant of keeping their PIN a secret, the matter of PIN privacy originates with the card issuer.
The Highest Level of Security
Striata ePIN meets the global PIN distribution requirements issued by Visa by ensuring the security and privacy of the PIN throughout the delivery process. This is achieved for both the request and delivery of the PIN, via multiple channels and varying security levels.
The cardholder may request the PIN using SMS, email, IVR and the Web. Delivery of the PIN is dependent on the customer profile and the security level required. The highest level of secure delivery is obtained by sending an encrypted PIN directly to the cardholder’s email address, together with a one-time password (OTP), sent to the cardholder’s mobile handset, that is required to access the encrypted PIN.
Three-factor authentication is the key to security. The person requests the PIN using their issued authentication value (something you know), receives the email (something you own, i.e. access to your email box), and then enters the OTP received on their mobile phone (something you receive) to access the PIN. Multi-factor authentication in PIN delivery provides the basis for non-repudiation of financial transactions, which is an essential characteristic of card-based commerce.
PINs can be securely issued and managed over previously insecure mechanisms: email, the web and mobile networks, providing a wide range of benefits to both the cardholder and the card issuer, including the following:
- No paper, print or postage administration;
- Delivery is not reliant on local postal mail, which allows the PIN to be delivered faster and in many cases almost immediately;
- Enables the cardholder to receive their PIN at their convenience;
- Provides proof of delivery of the PIN;
- Dynamic, personalized marketing can be included as part of delivering the PIN;
- The solution has excellent green credentials by making paper-based delivery or branch collection processes obsolete;
- Complies with requirements defined by Visa, and can therefore be used by any card issuer requiring electronic PIN distribution;
- Stand-alone secure solution designed to be easily integrated alongside existing PIN issuance methods;
- Flexible integration that can be adapted to each issuer’s individual requirements through a range of customization options;
- Supports a number of security settings for different encryption methods and key lengths;
- High level of security – 256-bit AES encryption;
- Provides HSM data protection during transfer and for data at rest;
- Data confidentiality – no cardholder account or personal data is stored in the system.