According to Gerhard Claassen, Managing Director of the Crypto Business Unit at JSE-listed, secure electronic payments company, Prism Holdings, the major card companies - Visa and MasterCard - have stated that by end-2003 all Host-to-Host PIN communication, such as that used in ATMs, must be triple DES (T-DES) based. In addition, by the end of 2005, all PIN entry devices will have to be T-DES based.
"At present, the standard encryption method used in ATMs and POS systems to protect card users' PINs is known as single DES (Data Encryption Standard) or S-DES. However, the S-DES cryptographic algorithm has been cracked," he explains. "While it took a specially built algorithm cracking machine 22.75 hours to break the S-DES code, it means that devices which rely on S-DES for security can no longer be considered totally secure. Hence the requirement that S-DES-based security be upgraded to far stronger T-DES."
The link for this article located at ITWeb is no longer available.
