Security Methods
When determining which personnel should have responsibility for making submissions to BACS or authorising payment files, an enterprise needs to decide whether the PKI process should be manual (attended), automatic (fully unattended) or a combination (manually authorised and automated submission). An attended submission requires a smart card and the latter two methods require a Hardware Security Module (HSM) device. |
|
 |
Smart Card
Smart cards are issued to each BACSTEL-IP contact. This key is used for authenticating the contact to BACSTEL-IP and signing payment files prior to submission. The contact must manually enter the smart card PIN to authorise each signing operation. Smart cards are generally adopted by organisations with a lower throughput of BACSTEL-IP traffic or a single payment point.
SAA and Smart Cards
The REIMS products have been approved to work with all the main smart card types including Datakey, GemSAFE, Oberthur and Schlumberger.
HSM
HSMs are an established technology, widely used throughout the financial services industry. Providing a tamper proof solution, HSMs enable the secure communication of sensitive information via dedicated hardware. A number of organisations have a requirement to use HSMs to secure their Private Signing Keys. These organisations typically have one or more of the following requirements:
- Automated operations and connectivity
- Large volumes of payments to submit
- Integration of their IT infrastructure with BACSTEL-IP submissions and reports.
In respect of unattended operations, HSM-based submissions will support automated signing and submission. In this scenario there will be no requirement for the BACSTEL-IP contact to manually enter the authentication PIN for each signing operation. The user application software will have the capability to both sign files and submit these to BACS in an automated fashion by authenticating itself directly to the HSM. In addition, BACSTEL-reports can be retrieved automatically and the content used to integrate into back end applications.
The REIMS Resilient Architecture: Flexibility, Automation and Resilience
Through the use of flexible HSM and smart card based authorisation options, you can streamline your payment authorisation processes by taking advantage of either unattended or attended authorisation as required by the business process for a payment application. SAA have derived and recommend the REIMS Resilient Architecture which provides an installation with no single point of failure, with advanced process duplication and with Disaster Recovery built in.
SAA and HSM Approval: Eracom, nCipher, SafeNet and Thales
Based upon extensive experience with secure commerce solutions and business integration for over fifteen years, SAA has recognised the merits of implementing an HSM to meet the needs of the larger organisation with a more complex IT infrastructure. As a result, SAA has joined forces with the main HSM manufacturers to provide a REIMS BACSTEL-IP solution with the option of implementing HSM. In addition, BACSTEL-reports can be retrieved automatically and the content used to integrate into back end applications.
REIMS Payment Management Server for HSM and REIMS Payment Management Bureau Server have received approval from BACS to provide automated submission services for BACSTEL-IP with the four major HSM suppliers: Eracom Technologies, nCipher, Thales and SafeNet.
top
|
