支付新形勢：與威脅俱進的安全機制

The Payments Landscape: Evolving Security for Evolving Threats

何塞．迪亞斯(Jose Diaz)；Eric Chow

點對點加密 ； 移動銷售點 ； 主機卡模擬 ； 密鑰管理 ； 支付卡行業數據安全標準 ； P2PE ； mPOS ； HCE-Host Card Emulation ； Key Management ； PCI-DSS

電腦稽核

34期（2016 / 08 / 20）

93 - 98

繁體中文

mPOS（移動銷售點─mobile POS）技術正在真正徹底地顛覆面對面交易。任何商家，無論其規模大小，都將不再受限於功能有限的固定的POS終端──因為mPOS技術能夠創造全新的機會，隨時隨地接收卡支付，同時讓消費者和商家獲得更加豐富的使用體驗。由於其能夠提供安全靈活的、代替現金的電子支付方式，因而有助於擴大支付卡的應用，並且可以利用現有成熟可靠的支付卡網路，儘量減少PCI DSS合規要求對商家的影響。基於硬體的安全措施為整個mPOS生態系統提供安全保障。安全讀卡器在採集點對磁條卡和EMV晶片卡的資料進行加密。基於硬體的點對點加密技術讓很多人可以在PCI DSS標準範圍之外接受卡支付，而且對於已習慣於使用傳統POS終端來接受卡支付的商家來說，也不會因採用PCI DSS標準而增加他們的負擔。硬體安全模組（HSM-Hardware Security Module）能夠增強安全性、簡化安全合規審計過程、限定支付服務提供者（PSP）的風險和責任。通過保護金鑰和持卡人資料並確保易受攻擊的不可靠元件（移動設備和移動網路）不會損害支付交易的完整性，HSM在為系統提供必要的信任方面發揮了重要作用。泰雷茲HSM對於mPOS系統的安全保護作用已在全球範圍內得到驗證，通過提供低風險且靈活的安全解決方案，確保收單銀行和支付服務提供者的關鍵支付基礎設施保持24x7正常運行。

mPOS (mobile POS) is truly revolutionizing face-to-face transactions. No longer are merchants of any size restricted to fixed POS terminals with limited functionality - mPOS creates new opportunities to accept card payments at any time, any place with a much richer experience for both the consumer and the merchant. The ability to offer a secure, flexible electronic alternative to cash helps expand card acceptance and leverages the existing proven and robust card scheme payment networks, while minimizing the impact of PCI DSS compliance for the merchant. Hardware-based security underpins the whole mPOS ecosystem. Secure card readers encrypt the card data at the point of capture for both magnetic stripe and EMV chip cards. Hardware-based point-to-point encryption keeps many people accepting card payments out of scope for PCI DSS and does not add to the PCI DSS burden for merchants already accepting cards using traditional POS terminals. HSMs (Hardware Security Modules) improve security, simplify security compliance audits and limit risk and liability for PSPs. HSMs provide a critical role in establishing the essential trust in the system by protecting keys and cardholder data and ensuring that the untrusted and potentially vulnerable elements (the mobile devices and mobile networks) cannot compromise the integrity of the payment transaction. Thales HSMs are proven in mPOS systems globally, offering acquirers and PSPs a low risk and flexible approach to maintaining a 24x7 critical payment infrastructure.

1. Ponemon Institute LLC(2015).,USA:Ponemon Institue LLC.