PIN Security & Key Management Compliance Training

National Association of State Boards of Accountancy

Delap is registered with the National Association of State Boards of Accountancy (NASBA), as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through their website: www.nasbaregistry.org.

Core Class

Level: Basic   |   Prerequisites: None

The group-live core training course is designed to provide both internal and external auditors with the necessary tools to complete the PIN Security Compliance reviews for payment networks such as NYCE Payments Network, LLC, Pulse® Corporation, and STAR® Network.

Day One

  • Processor and Auditor Responsibilities
  • Compliance Review Objectives
  • TR-39 and PCI PIN Security Requirements History
  • Network Respondent Forms
  • Symmetric Key Management Introduction
  • Key Names and Hierarchy
  • Cryptogram Notation
  • Diagram of PIN Transaction Flow
  • PIN Translation
  • PIN Block Formats
  • Exclusive-or
  • Key Check Values
  • Characteristics of SCDs
  • Group Project

Day Two

  • Key Management Methodologies
  • Key Blocks
  • Key Strengths and Algorithms
  • Key Life Cycle General Principles
  • Key Life Cycle Controls
  • Approved Key Methodologies
  • Group Project

Day Three

  • Review PCI PIN Security Control Objectives and Requirements
  • Techniques for measuring compliance

'Refresher' Classes

A “refresher” class is required every 24 months. We offer refresher classes based on X9 standards and PCI PIN Security Requirements v3.0 as described below. The course also includes Remote Key Distribution Host and Introduction to EMV. The Core Class can also satisfy this requirement.

2020 Delap CBT Course – Remote Key Distribution Host and Introduction to EMV

Level: Intermediate   |   Prerequisites: Core Class

Self-Paced Computer-Based Training Modules

This course is designed to be a self-paced computer-based training course. The certificate provided at the end may be used as evidence of relevant refresher training that satisfies the networks' requirement for CTGA refresher courses for 2020.

The course covers PIN Security and Key Management as it relates to Remote Key Distribution by a Key Distribution Host and the basics of an EMV transaction.

The course is made up of:

  • 9 Key Distribution Host Modules with Quizzes
  • 5 Introduction to EMV Modules with Quizzes
  • Final Exam Module

Delap CBT Mini Modules

Delap has undertaken the development of some short and targeted training modules for specific aspects of securing PINs and cryptographic keys. New Mini Modules will be added as they are developed.  If you have a topic that you would like to see us cover, please click the Ask Us button at the bottom of the page, and let us know.

2020 CBT Mini – Introduction to Payment Keys

Level: Beginner   |   Prerequisites: None

Self-Paced Computer-Based Training Module

This short training module provides an introduction to the keys used for payments.  It includes both the Acquiring and Issuer zones.

2020 CBT Mini – Introduction to Dual Control, Split Knowledge, and Separation of Duties

Level: Beginner   |   Prerequisites: None

Self-Paced Computer-Based Training Module

This is a short training module, providing information and examples of Dual Control, Split Knowledge, and Separation of Duties.

2020 CBT Mini – Managing Key Components

Level: Beginner   |   Prerequisites: None

Self-Paced Computer-Based Training Module

This short training module provides an overview of the basic concepts for managing cryptographic key components.

2020 CBT Mini – Key Custodian Teams

Level: Beginner   |   Prerequisites: None

Self-Paced Computer-Based Training Module

This short training course provides information and consideration points for choosing Key Custodian Teams.

'Refresher' Classes

A “refresher” class is required every 24 months. We offer group-live refresher classes based on X9 standards and PCI PIN Security Requirements v3.0 as described below. The course also includes Remote Key Distribution Host and Introduction to EMV. The Core Class can also satisfy this requirement.

2-Day Refresher Class (CPE 16 credits)

Level: Intermediate   |   Prerequisites: Core Class

Day One

  • High Level Review of Symmetric Keys
  • Remote Key Distribution using Asymmetric Cryptography
  • Trust Models
  • Asymmetric Key Management Principles
  • Review of PCI PIN Security Requirements for a Key Distribution Host

Day Two

  • Chip Card Technology
    • Concepts of Contact Chip Cards for ATM and POS
    • Introduction to EMV Specifications Documents
    • PIN and Sensitive Data Security
    • Key Management
    • Online and Offline PIN transactions
    • Group Project

3-Day Refresher Class with PCI PIN (CPE 24 credits)

Level: Intermediate   |   Prerequisites: Core Class; 2-Day Asymmetric Class  |   Location: Client Site Only

Symmetric Key Management Review, ANSI/ISO/Network Updates, PCI PIN v3, Introduction to EMV and E2E

Day One

  • Updates on relevant ANSI Standards and Network Operating Rules
  • Review Control Objectives in the ANSI X9/TR-39 Current Version, Section 4
  • Group Projects:
    • Analysis of Reports/Application to TR-39 Section 4
    • Analysis of Various Work Papers/Application to TR-39 Section 4

Day Two

  • Review Control Objectives and Requirements in PCI PIN Version 3.0, Transaction Processing Operations
  • Techniques for measuring compliance

Day Three

  • Chip Card Technology
    • Concepts of Contact Chip Cards for ATM and POS
    • Introduction to EMV Specifications Documents
    • PIN and Sensitive Data Security
    • Key Management
    • Online and Offline PIN transactions
    • Group Project
  • E2E (End-To-End Encryption)/P2PE (Point-To-Point Encryption)
    • Concepts of Encrypting Sensitive Data for Transport and Storage
    • Update on the ANSI Standard X9.119
    • Sensitive Data Security
    • Key Management
    • Group Projects (Lab & Diagram EMV transactions)

2-Day Asymmetric Key Class (CPE 16 credits)

Level: Intermediate   |   Prerequisites: Core Class  |   Location: Client Site Only

Day One

  • Concepts of Public Key Infrastructure (PKI)
  • Remote Symmetric Key Distribution Using Asymmetric Methods Described in ANSI X9.24, Part 2 for:
    • ATM Key Loading
    • POS Key Loading
    • HSM Key Loading
    • ‘Proxy Host’ Solutions

Day Two

  • Obtain an understanding of each control objective in the ANSI TR-39 current version, Section 5 including updates to X9.24 Part 2 — 2017
  • Review PCI PIN Security Requirements v3.0 Amex AI

All Classes Meet the Network Requirements for “Refresher Class”

Class Times — (All Classes, unless noted otherwise): Daily 8:00 AM to 4:30 PM

Other Services

  • ANSI TR-39 and PCI PIN Security Consulting and Training
  • Network required ANSI TR-39 and PCI PIN Security Compliance Reviews
  • PCI DSS Assessments
  • Symmetric and PKI Consulting for Retail Banking Industry
  • SOC Reports
  • IT Security Audits and Consulting
  • Incident Management and Response

Additional computer-based training modules are planned for 2021. Stay tuned!
