Eugene, OR (December 14, 2009) — Arroweye Solutions, Inc., recently implemented Prime Factors' Bank Card Security System (BCSS) to help the on-demand card manufacturer become a member of the Visa® Approved Card Vendor Program. By employing BCSS versus the more traditional method of in-house custom programming, Arroweye was able to both expedite its market launch and complete the project at a 75-percent cost savings.
To enter the open loop prepaid market Chicago-based Arroweye needed to pass Visa security audits. Brian Huse, Arroweye's chief information officer (CIO) and vice president of research and development, led the project to become Visa-certified. Requirements to pass the audit for secure card manufacturing included key management and the ability to generate security codes (CVVs) using a host security module (HSM).
Arroweye selected BCSS after Huse performed a thorough assessment of the programming required to perform security code calculations and implement key management. Huse said BCSS was implemented on a Windows platform for 25 percent of the cost of developing the software internally.
"Frankly we would not have gotten nearly as complete a product," Huse said. "And BCSS turned a six-month, in-house development project into a six-week project."
Time to market was important for Arroweye, which recently introduced a revolutionary card manufacturing process to the open loop prepaid market. The unique just-in-time production process eliminates pre-manufactured card inventory, reducing cost and obsolescence. It uses a digital work-flow to create fully customized card designs of any quantity and in as few as 24 hours. The on-demand production process simultaneously prints, manufactures and personalizes Visa prepaid cards in a single automated operation.
Huse evaluated HSMs early in the process and determined that it would require significant programming to incorporate an HSM into Arroweye's manufacturing process. BCSS has a library of subroutines (more than 100 functions) which process Thales HSM host commands, access the BCSS database and validate parameters. Therefore, BCSS eliminated Arroweye's need to code Thales' proprietary host commands.
BCSS includes subroutines that work with Thales HSM to create a variety of security codes including the ones Huse needed—CVV1s and CVV2s.
"The algorithm for calculating the CVV values can be intimidating," Huse said. "We sought to find a partner that could recreate that code and ensure 100 percent flawlessness."
While programming the algorithm to create security codes is complex, Huse said developing a key management system is even more challenging.
"The more we learned about the complexity of the software integration with the HSM and the key management requirements," Huse said, "we realized the need for a fully integrated and proven solution."
BCSS is used by the leading secure personalization bureaus world-wide. It provides complete key management and secure storage of all keys required for secure card issuing and verification processes. BCSS and the Thales HSM work together to deliver key management functionality including key generation, key distribution, key loading, key storage and key usage.
Source: Prime Factors (www.primefactors.com)