Every ATM on the market today will need to either be upgraded or
replaced by April 1, 2005, to accommodate the new encryption
standard, Triple DES.

Take advantage of NCR's best-yet Trade-in & Rebate Promotional for
orders placed in 2003.

Triple DES - Data Security and PIN Encryptions

What is Triple DES?
Triple DES (Data Encryption Standard) is the new encryption standard
being mandated by Visa and MasterCard. It replaces the existing
standard, known simply as DES or Single DES. Triple DES refers to
the encryption or “scrambling” of the Personal Identification
Number (PIN) that the ATM user enters during the ATM transaction
process. This encryption is done after the PIN is entered, but
before the ATM requests transaction authorization from the ATM
network.

The name Triple DES was given to the new encryption standard
because the PIN entered by the ATM user is encrypted three times.
The first operation uses the first half of an assigned double-length
key (series of numbers or letters) to encrypt the PIN. The second
operation decrypts the previously encrypted PIN using the second
half of the assigned double-length key. The third operation reuses
the first half of the double-length key to re-encrypt the PIN. This
encryption process may also be referred to as two-key triple
encryption.

The new requirement is for the Triple DES encryption to occur inside
the keyboard/encryptor, so the PIN is not available to the network
or ATM application software until it is fully encrypted. The new
keyboard and encryptor combination device is called an Encrypting
PIN Pad or EPP, and is different from the encryptors offered on
previous ATMs. On previous ATMs, the encryptor board and the keyboard
were separate components, making them less secure than the new EPP.

Why is it required?
Concerns have grown over the vulnerability of the present standard,
DES. In 1999, an industry-approved academic project called DESCHALL
III successfully used a network of computers to crack the DES
encryption code. This was accomplished in less than 24 hours, showing
that this type of attack was possible and affordable (the hardware
used to do this cost $250,000), although it has never been
accomplished in the real world. As a result of this study and the
ever-increasing access to more and more powerful computers for fewer
and fewer dollars, Visa and MasterCard are mandating that all PINs
be encrypted using the more advanced Triple DES standard to prevent
the potential theft of PINs.

When do I have to comply?
April 1, 2002 - All newly installed ATMs, newly installed merchant
terminals that accept PINs, and Cardholder Activated Terminals must
be Triple DES capable by this date. That is, they must be capable
of adhering to Triple DES at the point of transaction. “Newly
installed” refers to new ATM placements, ATMs being replaced
at an existing location, and ATMs relocated from another location.
This also includes POI terminals.

April 1, 2003 - All member processor host systems (networks) must
be compliant with Triple DES.

April, 2005 - All ATMs must be Triple DES compliant.

Note: The dates listed above were the original dates set forth by
MasterCard. Some of these dates have been changed as individual
network processors have asked for extensions. Ultimately, your network
processor will inform you of the dates by which they will expect
you to be in compliance.

Which ATMs are upgradeable?
Generally speaking, an ATM that has a PC inside will be upgradeable,
and those ATMs that do not have a PC should not be considered
upgradeable. All NCR 50XX (5070, 5088, 5085) are firmware-based
ATMs which have not been in production for over eleven years,
and creating and implementing a fix would be cost prohibitive.
Quality parts for these machines are much harder to find, and
prices for them are increasing accordingly. Furthermore, if current
ADA legislation passes, all ATMs in the near future will require
a standardized keyboard and audio lead-through, which cannot be
supported by firmware-based ATMs.

All NCR 56XX (e.g. 5670, 5674, 5674, etc.) & Personas (5870,
5875, 5886, 5890, 5588, etc.) can be upgraded for Triple DES encryption.

What needs to be done to upgrade an NCR ATM?
1. Replace the keyboard and HI-BAPE encryption board.
Install a new ANSI and Encrypting PIN Pad (EPP) keyboard. The encryption
board is built into the keyboard. The keyboard will meet both the
ADA's ADAAG (Americans with Disabilities Accessibility Guidelines)
requirements and the Triple DES requirements.

2. Software Upgrade.
Implementing the ANSI and EPP keyboard will require a change to
the reserve screen file in NDC because of the relocation of the
“Enter”, “Clear”, and “Cancel” keys.
All ATMs will be required to run OS/2 Warp 4 and US NDC release
5.05.

What will it cost to upgrade my ATM?
This depends on a few different criteria:
1. What model ATM is being upgraded
2. What processor chip is currently installed in the ATM (386, 486,
Pentium, etc.)
3. How much memory is installed in the ATM

Anytime you add current software (for whatever reason) to an existing
system, you need to make sure you have a fast enough processor and
enough memory to be able to run the new software. Most upgrades
will cost $2000-$5000 depending on the criteria listed above. Please
contact us if you would like to receive a quote for your specific
ATM(s).

Are there other, non-factory, solutions available?
There have been a few third-party companies that have attempted
to create a fix that will meet MasterCard and Visa’s mandate.
Most of these companies have had little success. Before selecting
one of these fixes, be sure to check with your network processor
as well as your ATM service provider. Both of these parties will
need to certify any device attached to an ATM in order to maintain
support and service for the terminal. It is also a good idea
to check with the manufacturer of the ATM you are upgrading,
as attaching any third-party device may void warranties, license
agreements, support, etc. NCR currently has not certified any
third-party fix.