ATM Terminal Master Key - TMK

Nov 20, 2014 at 11:27 AM
Hello,

As per PCI-DSS standard, keys have to be encrypted and clear keys should not be stored anywhere inside the application.

In this case, why the ATM is storing clear TMK (entered by a supervisor at the ATM )?
So why storing clear key part of the application is not allowed where keeping a clear TMK at the terminal level is accepted?

Thanks,
HS
Editor
Nov 21, 2014 at 8:33 AM
Hi,

The ATMs and POS terminals stores keys in secure environment in PIN pad. It is allowed by PCI-DSS.

Regards,
Juris
Nov 21, 2014 at 8:05 PM
Hello,

Thanks your answer.

PIN pad used when entering the key, but the ATM store the TMK in clear format and anyone has an access "supervisor" can get the clear key.

Thanks,
HS
Editor
Nov 22, 2014 at 8:26 AM
Hi,

No, ATMs stores keys in very secure manner and no one can access it. You can access only check values of the keys.

Regards,
Juris