Unique Key Per Device: Retail Key Management,
requires each PIN encryption device to contain a unique key.
Many organizations that drive ATMs
mistakenly assume that downloading a unique key
encrypted by a manually loaded key that is global
in scope or is not secret, is compliant with
standard X9.24. However the initial key must also
be unique as well as secret.
unique initial key per ATM is a
particularly difficult task due to the complexity
of the required key management procedures.
Traditional methods, which focus on the control of
individual key components, require large numbers
of key custodians making them cumbersome and
inefficient. Institutions that have attempted to
gain compliance by securely generating keys at the
host location, splitting them into components, and
distributing these to the ATMs, quickly realize
the logistical complexities and costs of manual