| The following is the outline of topics to cover in the one day refresher training course for the Ansi Technical Guideline #3
(TG-3), “PIN Security Compliance Audit”. This is a follow up to the core day training course that enables auditors to do a thorough audit of PIN debit transactions based on the TG-3 audit objectives that all EFT networks now mandate for their members. We will cover the following:
· Use of Public-Private Key algorithm (also known as asymmetric algorithm) to perform ‘Remote Key Loading' in ATMs.
· Use of digital signatures for provide for integrity of Keys transferred between ATMs/HSMs, where remote key loading is deployed.
· Use of digital certificates, in conjunction with Public Key algorithms, to provide for authentication of Pin entry devices and Host processors.
· Role and operation of a ‘Certificate Authority' as a third party service provider, offering digital certificates used in ‘Remote Key Loading'.
· General guidelines on the lifetime of digital certificates, their issuance, management and revocation.
· Review of each control in the most recent release of TG-3 audit guideline section 5; Asymmetric Key Management.
· Review of other changes to section 4 of TG3 audit guideline.
· Latest updates with the major EFT networks; e.g. Star, Pulse and NYCE, requirements as it relates to TG-3 audits.
· Class Exercise.
For those who plan to take the network certification exam, that exam will be given the day after the refresher training. |
|
|
