Dara Security

Clarifying Key Blocks

December 05, 2019

Key Blocks is an important requirement within the PCI PIN Security Standard. It focuses on protecting the integrity of encrypted keys, which is critical in cryptography. The requirement helps prevent cryptographic keys from being misused and protects them from unauthorized modification or substitution.

The Key Blocks security method should be implemented alongside other applicable industry standards, and it applies to those seeking to comply with the PCI PIN Standard. All acquiring entities and those responsible for processing PIN transactions would be candidates for the use of Key Blocks. Implementing Key Blocks could also depend on individual brand requirements. Qualified PIN Assessors (QPAs) can help with Key Block applicability and overall PCI PIN compliance, as they have been trained and approved by the PCI Council to conduct PCI PIN assessments.

In order to allow organizations a smoother transition to the requirement, implementation of Key Blocks occurs over the following three phases:

Phase 1:  Implement Key Blocks for internal connections and key storage within service provider requirements.  The effective date for Phase 1 was June 1, 2019.  The expectation is that service providers currently comply with Phase 1.

Phase 2:  Implement Key Blocks for external connections to associations and networks. The estimated effective date for Phase 2 is June 1, 2021.

Phase 3:  Implement Key Blocks to include all merchant hosts, POS devices, and ATMs.  The estimated effective date for Phase 3 is June 1, 2023.

Each phase can be implemented at any time up to and including its effective date, with the idea that earlier implementation will help secure payment systems sooner.

Our in-house QPAs are ready to assist you in understanding and implementing this essential requirement as well as achieving overall PCI PIN compliance.