Capacitive Touch - Secure Payment

Magtek Secure Capacitive Touch Pin Pad Payment Device

Project Description

Magtek partners with Blue Sparq - Rapid Keypads to design and manufacture a capacitive touch secure pin pad for their new prototype ipad payment device.

Encrypting PIN Pads (EPPs) are used to enter a cardholder’s PIN in a secure manner. EPPs are used in

  • ATMs
  • Automated fuel dispensers
  • Kiosks and
  • Vending machines

Our Fast-touch system contains driver electronics that is capable of handling the following Ciphers

  • AES:128-bit, 192-bit, and 256-bit key sizes, CBC, ECB, CTR, CFB, and OFB modes
  • DES/TDES:CBC, ECB, CFB, and OFB modes

The driver electronics also has the following authentication engines available. They are:

  • SHA-1
  • SHA-256
  • MD-5
  • HMAC operation (for all authentication engines)

There are several PCI restrictions one must be mindful of when designing a capacitive touch based EPP. Some of them are:

  • EPP must use tamper-detection mechanisms against physical penetration using drills, lasers, chemical solvents etc.
  • EPP must have response mechanisms if physical penetration does happen. The mechanism must render EPP to become immediately inoperable and result in the automatic and immediate erasure of any secret information that may be stored.
  • If PIN entry is accompanied by buzzer tones, then the tone for each entered digit is indistinguishable from the tone for any other entered PIN digit.
  • EPP should not be rendered less secure or vulnerable by changing operating or environmental conditions.
  • EPP performs a self-test, which includes integrity and authenticity tests upon start-up
  • If the secure pin pad allows firmware updates, the device cryptographically authenticates the firmware integrity and if the authenticity is not confirmed, the firmware update is rejected and deleted.
  • Several manufacturing and handling requirements

We have a plan to deal with all of the PCI requirements to design develop and deliver a secure pin pad.

The picture on the left shows a Magtek Payment Device. We provided a capacitive touch keypad with a special texture that avoids leftover pressed fingerprints. This adds a double security to the customer itself and the seller insuring that previously pressed pins cannot be traced.

