TDES is the American National Standards Institute’s (ANSI)-sanctioned encryption algorithm standard used by all debit-capable transaction terminals for PIN encryption. TDES (also known as Triple DES, TDES or 3DES) was developed to add more security protection in combating potential security breaches by being more secure than its predecessor, Data Encryption Standard (DES).
When performing the encryption algorithm, TDES uses three independent key parts, versus one algorithm used in DES. The TDES algorithm uses either a 16-byte, “double-length key” (32 hexadecimal digit) or a 24-byte, "triple-length key” (48 hexadecimal digit) key. The encryption algorithm is run three times both with the double and triple-length key.
Security upgrades mandated by Visa® required that all debit-capable, point-of-sale PIN-entry devices (POS PEDs) comply with the TDES by July 1, 2010. Any U.S. merchant accepting PIN debit transactions who did not comply with the TDES requirement by July 1, 2010 is at risk of losing the ability to accept PIN debit transactions. Merchants may also face Visa enforcement for not using TDES on all attended POS after August 1, 2012.
To ensure that your POS PEDs are TDES compliant, the link below provides a list of compliant devices, by model name and part number. You can find the model name on the front of the POS device or adjacent to the display or printer mechanism. The part number will be located on the back of the POS device and will begin with P/N.
If there is an exact match to any of the POS PEDs listed, your POS PED meets the TDES requirements. If you are unsure whether there is a match, or you do not find your POS PED on the list, please contact us for assistance.
Does this upgrade only affect Chase Paymentech merchants?
No. Visa made it mandatory for all merchants to upgrade their POS PEDs with TDES by July 1, 2010. Visa instructed its members, the acquiring financial institutions and processors to manage compliance. Chase Paymentech has notified all of our customers of these changes.
Who will fund the TDES upgrade?
Merchants will be responsible for the costs associated with their upgrade if they wish to continue accepting Visa PIN debit cards. Pricing and equipment upgrades will vary depending on the age of the merchant’s current equipment, type of equipment and POS network service provider.
Will TDES require purchasing new equipment?
It is possible that some Chase Paymentech merchants are using debit-capable transaction terminals that are TDES-capable. However, they would need to be injected with the necessary TDES encryption keys. As mandated by Visa, a merchant with a TDES-capable POS PED may upgrade simply with an injected POS PED. A merchant with a non-capable POS PED must purchase a capable, injected POS PED.
Does Visa have documentation on this security requirement?
Additional information may found on the Visa’s PIN Security and Key Management Program site.