Certified and secure into the digital future

Increasing acceptance of digital payments and new payment methods necessitates secure payment systems

Secure payment systems take precedence for financial institutions and banks. Customers are increasingly embracing digital payments, a trend accelerated by the Covid-19 pandemic. As digitalisation expands, the payment industry enters a new era with emerging new payment models. Consumers now adopt mobile payments, immediate payments, and eWallet solutions alongside traditional cash, debit, and credit cards. This evolving payment landscape underscores the need for secure payment systems, given the surge in cybercrime incidents like phishing and fraud, particularly during the pandemic.

With the proliferation of digital financial services and e-commerce, cybercriminals can now target a wider user base and online accounts with social engineering attacks.

Given the severe repercussions of such breaches, it is imperative that payment systems are safeguarded by dependable and established cryptographic cybersecurity solutions. Simultaneously, the banking and financial services sector mandates stringent adherence to rigorous IT compliance requirements and regulations from all stakeholders.

‘By 2027, global non-cash transaction volumes are set to reach a volume of 2.3 billion – compared to 1.3 billion in 2023. An annual increase of 15%.’

(Source: Capgemini, ‘World Payments Report 2023’, September 2023)

One market – many challenges

achelos offers payment service providers an extensive portfolio of products and services for secure payment systems.

We adopt a holistic approach, including expert guidance from our experienced security professionals, custom development services, and support with auditing and successful operation of the new solution.

Our strategy involves harnessing established, certified products sourced from our reliable partner network.

Partners of achelos are Utimaco, Securosys, Thales and Entrust

Digital payment systems

Digital payment systems are subject to exceptionally rigorous compliance requirements. They must undergo certification or authorisation in alignment with relevant standards, notably PCI PTS HSM, DK, and FIPS 140-2 Level 3. 

In December 2014, the PCI Security Standards Council (PCI SSC) introduced requirement 18-3, Key Blocks, within the PCI PIN Security Requirements. This requirement significantly enhances the safeguarding of symmetric keys shared among payment system participants for protecting PINs and other sensitive data.

It is structured into three implementation phases and applies to all participants in the PIN Security Program:

  • Phase 1: Implement key blocks for internal connections and key storage within service provider environments. This encompasses all applications and databases connected to hardware security modules (HSMs). Phase 1 came into effect on 1 June 2019.
     
  • Phase 2: Implement key blocks for external connections to associations and networks. Effective date: 1 January 2023.
     
  • Phase 3: Implement key blocks for all merchant hosts, POS devices and ATMs. Effective date: 1 January 2025.

The key blocks utilised must comply with the ANSI standard ASC X9 TR 31-2018 ‘Interoperable Secure Key Exchange Key Block Specification’ or a comparable key format meeting the stipulated requirements. Additionally, the solution must be certified in accordance with PCI PIN and/or PCI PTS HSM. Proprietary formats are still commonly used today, but they must be replaced or certified in compliance with the new requirements.

Digital payment

Cross-border security in the payment system through ISO 20022

Historically, there was a lack of standardised international formats for messages in financial and payment transactions. The Payments Market Practice Group (PMPG) addressed this issue by introducing the ISO 20022 standard, which establishes a secure, standardised format for financial and payment messages exchanged between countries, customers and banks. Payment transaction processes are described using a defined methodology and rely on message and file types in XML data format. 

ISO 20022 operates based on a central repository that offers free access to all information.

Moving forward, all parties involved in payment transactions will systematically adopt this new standard, or risk losing access to critical payment networks. These changes have technical implications for existing payment systems and simultaneously drive the evolution of payment services and global trade.

On 20 March 2023, cross-border payments via SWIFT were converted to an ISO 20022-based message standard. Since then, payment transactions have been in a multi-year coexistence phase between MT and MX formats. Passive accessibility for MX formats has been mandatory since 20 March 2023. All banks must have switched to the ISO 20022 standard by the SWIFT release in November 2025 at the latest.

When transitioning to ISO 20022, banks, retailers and companies must consider several factors. achelos will demonstrate how existing infrastructure can be optimally adapted to meet these new requirements!

Secure card payment with Girocard | SECCOS®

SECCOS® serves as the official operating system (OS) for chip cards within the German banking industry, underscoring its unique role within the German EMV environment. The Girocard with the SECCOS® operating system stands out as one of the most popular and secure means of payment in Germany. Its approval process is rigorous and highly structured. Approval by the Deutsche Kreditwirtschaft (DK) for the development environment is mandatory and subject to regular re-authorisation through site visits.

We are your specialised partner for cybersecurity in payment transactions.
