
Chip and Pin Solution

All retailers are concerned about the financial loss or brand reputational damage that can arise as a result of a card data security breach. From international high street retailers to independent stores, all retailers are potentially vulnerable to attacks by organised criminals to capture cardholder data.

As a participating organisation of the PCI Security Standards Council and the leading UK card payment solution provider, Commidea is at the forefront of defining new standards to help improve data security for retailers in the UK. Retailers accepting card payments must achieve and maintain PCI DSS compliance to help protect sensitive cardholder data, but with this comes a significant financial cost that can run into millions of pounds for large retailers.

Commidea has developed Ocius Sentinel, a solution that will help you achieve and maintain PCI DSS compliance at a fraction of the cost and secure sensitive cardholder data.

What is Ocius Sentinel?

Ocius Sentinel is part of an outsourced managed service provided by Commidea, a PCI Level 1 certified payment solution provider. Developed in-house by Commidea, Ocius Sentinel is a software application that resides on a PIN Pad within a PCI PTS/APACS Common Criteria secure environment, providing dual-layer data encryption from the point of card data capture.

Sensitive cardholder data is encrypted by the PIN Pad using 168-bit 3DES encryption, utilising a unique dynamic key system generated using merchant and transaction specific data elements. This data is then further encrypted using a 2048-bit RSA algorithm key, before being sent to the Point of Sale.

As card data remains fully encrypted throughout this process, and the merchant has no ability to decrypt the data, cardholder information is effectively removed from the merchant's system, significantly reducing the scope and cost of achieving and maintaining the Payment Card Industry Data Security Standard. Cardholder data is only decrypted inside the secure environment of Commidea's ICP Managed Service prior to transmission to the acquiring bank.

Ocius Sentinel is the final piece of the jigsaw to provide end-to-end encryption of cardholder data, significantly reducing the scope and associated costs of PCI DSS compliance for merchants. But Ocius Sentinel goes beyond compliance, providing a range of additional features that address issues such as PED Asset Management, including PED serial number tracking and swap out/power on-off alerts to help thwart physical attacks on PED assets.

Why are traditional PED based payment processing solutions potentially vulnerable?

  • Lack of encryption of sensitive cardholder data
  • Ability for a physical compromise by way of device swap out or tampering with the PIN Pad
  • Vulnerability of a physical connection to a point of sale via USB/RS232
  • Data residing in memory, albeit temporarily, is susceptible to malware attack
  • In the case of local payment servers, these systems can represent a "honey-pot" of data, perfect for a potential attacker

Merchant Benefits of Ocius Sentinel

  • Merchant no longer has access to any sensitive cardholder data
  • Effectively removes merchant PoS and associated network from scope of full PCI DSS audit
  • Reducing scope dramatically reduces the substantial cost of PCI DSS compliance for merchants, large and small
  • Encrypted offline transaction storage now on the PED
  • Dual Layer Encryption system, utilising 3DES Dynamic Key encryption and 2048-bit RSA encryption
  • Sophisticated PED Asset Tracking and Management System
  • A mutual authentication system to ensure that data is only sent to and from genuine Commidea servers
  • Online reporting of unusual or unexpected PED activity
