The countdown begins for upcoming PCI mandates, as enhanced requirements for PIN security and data protection will take effect in the ATM industry from 2025 onwards. Beyond implementing industry compliant encrypting PIN pad (EPP) hardware, all ATM deployers must ensure their software supports TR31 key blocks. This article briefly summarizes the ATM software implications.
Understanding remote key loading and TR-31 key blocks
All ATM transactions involve the exchange of sensitive data such as PINs between card acquiring host systems and end-user devices. A variety of strategies are used to prevent this communication from being intercepted and leveraged by attackers – including cryptography that renders data unusable to outside parties. This starts with remote key loading, which involves sending a master encryption key from a centralized location straight out to the ATM EPP in the field.
As part of the key loading process, the PCI Security Standards Council (SSC) is mandating key blocks as the structures for managing encrypted keys to ensure data is protected and used only as intended. TR31 is the accepted protocol for key transportation via this method. ATMs need to comply with new EPP hardware and software requirements for TR31 key blocks by January 1 2025 to avoid losing vital transaction functionality.
KAL software delivers PCI-compliant remote key loading capabilities
As a world-leading ATM software provider and PCI SSC member organization, KAL is ideally positioned to help ATM deployers adopt industry-compliant technologies. Our Kalignite Terminal Host (KTH) card acquiring host system is developed in line with PCI requirements with out-of-the-box support for remote key loading, TR34 and TR31 key blocks. As with all KAL solutions, KTH is compatible with ATM hardware devices from over 40 different manufacturers (including the latest EPP components).
To learn more about utilizing KTH for secure remote key loading, please send your query to the KAL team via