AWS Payment Cryptography now supports card issuing use cases
Today AWS Payment Cryptography announces additional support for common cryptographic commands used for card issuer processing, including new PIN (personal identification number) capabilities for EMV PIN change, cardholder-selectable PINs and PIN reveal. The EMV PIN change feature allows issuers to create secure payloads to update PINs stored on the EMV chip of a credit or debit card. Cardholder-selectable PINs and PIN reveal enable customers to offer cardholders the ability to set or retrieve PINs through a mobile application in a PCI-compliant manner with end-to-end PIN data encryption. With AWS Payment Cryptography, customers can migrate their payment processing workloads to the cloud while leveraging an elastic payment cryptography service that adheres to PCI PIN security requirements.
In countries such as Europe and Canada, PINs stored on the card’s EMV chip are the primary method of cardholder verification and allows the card’s chip to verify the PIN offline without needing to transit the pin to the issuers backend. With EMV PIN change, issuers can generate the appropriate EMV and scheme specific authenticated scripts to update offline PINs. Issuers can also use the cardholder-selectable PIN and PIN reveal to allow users to set or retrieve forgotten PINs through a web or mobile application. These features work alongside existing issuing functionality such as EMV and CVV validation to support issuer’s transaction processing.
These features are available in all AWS Regions where AWS Payment Cryptography is available. For detailed information and samples for utilizing the new PIN management features, please download the latest AWS CLI/SDK and review the AWS Payment Cryptography Developer Guide.