• January 2025 deadline
  • Avoid your ATMs going ‘dark’!

Hyosung ATMs have been updated to support a more secure method of storing and securing encryption keys. The new standard TR-31 (“key blocks”) will be mandated by PCI (Payment Card Industry) for the transfer of keys to ATMs starting January 1, 2025. To transfer the master key from the host processor to the ATM in TR-31 format (Remote Key Loading), also requires implementation of another standard TR-34. TR-34 is also required by PCI (Payment Card Industry) when RKL is used.

Are all ATM required to support this mandate?

All ATMs will be mandated to support the required EPP version and related ATM software for the TR-31 key block standard. The EPP-8000 can support TR-31 with appropriate Firmware updates for manual key loading.  Additionally, Hyosung released EPP version X1 in 2020 which also meets the TR-31 standard, though you will need to ensure the correct SW is running on your ATMs. Hyosung EPP X1 supports TR-31 and TR-34 for Remote Key loading. All new ATMs purchased from Hyosung beginning in May of 2021 come installed with EPP-X1 hardware.

What about Remote Key Loading?

TR-34 is the new Remote Key Loading (RKL) ‘Process’ required for RKL of TR-31 Keys.  Hyosung EPP X1 (PCI 5.0) began shipping exclusively with new ATMs purchased since May of 2021 and support TR-31 and TR-34.  Note: TR-34 Requires Blueverse XTM v2.2.  

  • EPP-8000 PCI 3.0 SHA1/SHA2 does not support TR-34. TR-31 support only via manual key loading.

When is that deadline again?

PCI is requiring that ATM support will end by January 1, 2025, your ATM’s host processor will address the actual date when the non TR-31 key transfer method will no longer be available.  Please connect with your host processor to determine end of non TR-31 key transfer methods.

Will my ATM actually ‘go dark’?

The answer is ‘Yes’.  If your ATM or ATM EPP and SW has not been upgraded to support the TR-31 key block requirements, your host processor can stop accepting transactions from those non-compliant ATMs.

How can I get ahead of this potential issue?

You can upgrade your ATMs ‘now’!  Hyosung EPP X1 has been supported since January 2020 and the TR-31 software updates for EPP 8000 were available January 1, 2023.  Hyosung encourages you to plan and forecast your upgrade plans now versus waiting until a likely rush closer to the January 2025 date.   

Frequently Asked Questions

  • What EPP(s) support TR-34?
    • The current EPP X1 PCI 5.0 and newer with Blueverse XTM v2.2
    • EPP-8000 PCI 3.0 SHA1/SHA2 does not support TR-34 (RKL process)
    • Please contact your processor to ensure they support Remote Key Loading
  • Does the EPP-8000 PCI 3.0 SHA1/SHA2 support TR-31?
    • Yes, EPP-8000 is fully PCI 3.0 Compliant
    • Minimum EP version 10.01.03.00
    • Minimum SP Version 04.22.08
    • Minimum MoniAct version 01.00.51.07
    • BlueVerse Retail Release 01.01.00
    • Blueverse XTM v2.2
  • Will the EPP-8000 PCI 3.0 SHA1/SHA2 be PCI compliant with TR-31 even though it expired in April of 2021?
    • Yes, EPP-8000 is fully PCI 3.0 Compliant
    • Any like for like replacement of the EPP-8000 PCI 3.0 SHA1 would require a Manual Key Load
  • Is TR-31 support for MP2S Global Customers?
    • Yes – MP2S Global is supported for TR-31, manual key loading.
    • Please check with your processor for support of TR-34 and Remote Key Loading support.
  • What is the difference  between TR-31 and TR-34?
    • In addition to being the new RKL process for TR-31 keys, one of the key differences between TR-31 and TR-34 key block formats is that TR-34 doesn’t require a symmetric key to be exchanged between the Key Distribution Host (KDH) and the Key Receiving Device (KRD).
    • TR-34 is used to exchange a TR-31 Key block protection key using asymmetric (RSA) encryption. A TR-34 key block includes a TR-31 compatible key block header. This header contains the usage and exportability information about the key. It is not encrypted and can also contain optional key header blocks as allowed by TR-31.  You can find more  information on TR-31 and TR-34 key blocks @ https://www.pcisecuritystandards.org/document_library/

Appendix:

ATM ModelKeypad VersionATM CoreReplace ATM?Replace EPP Keypad?Replace ATM Core?Software Version Required
MBxxxx
NH1500
NH1800
NH2100T		FirmwareYes
NH1800FirmwareYes
NH2100TFirmwareYes
NH1800CE NH5000CE NH5300CEBlueVerse Embedded 5.0Yes
NH1500SE NH1800SE NH2600SE MX2600SE NH2700 NH2700T MX4000W MX5000SE MX5200SE MX5300SEEPP-6000K (or older)BlueVerse Embedded 6.0NoYes – EPP-X1NoBlueverse Embedded – V06.03.00
NH1500SE NH1800SE NH2600SE MX2600SE NH2700 NH2700T MX2800SE MX2800T MX4000W MX5000SE MX5200SE MX5300SEEPP-8000R EPP-X1BlueVerse Embedded 6.0NoNoNoBlueverse Embedded- V06.03.00
MX2600SE MX2800SE MX2800T MX5200SE MX5400SEEPP-X1BlueVerse Embedded 7.0NoNoNoBlueverse Embedded – V06.03.00
MX5000XP MX5100EPP-6000K (or older)852 945 G41Yes
MX5100T* MX5300XP*
MX5600 MX5600T MX7000D		EPP-6000K (or older)852 945 G41NoYes – EPP-X1YesBlueverse XTM v2.2 (except FDK models)
MoniPlus Global 2.3.49
MX5100T MX5300XP MX5300A/S MX5600 MX5600TEPP-6000K (or older)H81 Q87 Q170NoYes – EPP-X1NoBlueverse Retail – v1.2.0
Blueverse XTM v2.2 (except FDK models)
MoniPlus Global V2.3.49
MX5100T MX5200T
MX5300XP MX5400 MX5600 MX5600T		EPP-8000R EPP-X1SBC210 H81 Q87 Q170NoNoNoBlueverse Retail – v1.2.0
Blueverse XTM v2.2 (except FDK models)
MoniPlus Global V2.3.49
MX7600
MX7800		EPP-6000K (or older)852 945 G41NoYes – EPP-X1YesBlueverse XTM v2.2
MX7600
MX7800		EPP-8000R EPP-X1H81 Q87 Q170NoNoNoBlueverse XTM v2.2
MX8100QTN
MX8200QT
MX8200QTN
MX8800		EPP-6000K (or older)H81 Q87 Q170NoYes – EPP-X1NoBlueverse XTM v2.2
MX8100QTN
MX8100T
MX8200QT
MX8200QTN
MX8300
MX8800		EPP-8000R EPP-X1H81 Q87 Q170NoNoNoBlueVerse XTM v2.2
7-Series
8-Series
9-Series		EPP-X1Q87 Q170NoNoNo Blueverse XTM v2.2

References:

PCI Security Standards – https://www.pcisecuritystandards.org/

Interoperable Secure Key Exchange Block Specification – https://webstore.ansi.org/Standards/ASCX9/ascx9tr312018

Official PCI Security Standards Council Site – Verify PCI Compliance, Download Data Security and Credit Card Security Standards

Related Posts

Service Parts Bulletin

Service Parts Bulletin

Replacement BMD and BMU Control Boards This bulletin is to inform our customers about a part number change for the replacement TCR control board and core board for the BMD and BMU. When replacing the main control board on the BMD or BMU of the TCR, you must also change the core board. In the […]

Continue Reading
ATM Security Bulletin | November 2023

ATM Security Bulletin | November 2023

Key takeaways: Hyosung Innovue is aware that ATM skimming attacks are on the rise in 2023. While non-bank owned ATMs skimming attacks are relatively flat year-over-year, according to FICO, there has been a year-over-year increase in Card skimming of 109% at bank-owned ATMs in the first half of 2023.  Furthermore, there is a shift in […]

Continue Reading
Hyosung Innovue Technical Bulletin

Hyosung Innovue Technical Bulletin

In light of an increase in skimmer attacks, Hyosung encourages you to review the nature attacks, your risk exposure and steps you can take to protect your fleet. The Threat There are 3 types of skimmers, all designed to read Track 2 data from the customer’s card: Risk Exposure Not all card readers have anti-skim […]

Continue Reading