The acronym ESO stands for Encryption Support Organization (sometimes also referred to as an Encryption Service Organization), which is a cryptographic key management and injection service provider that supports merchant deployments of Point of Sale PIN Entry Devices.
Key Injection is the act of injecting encryption keys into POS (Point of Sale) hardware devices from an attached Hardware Security Module (HSM). An HSM is a computer that is purpose built for cryptographic functions and is equipped with anti-tampering measures to safeguard the keys it contains.
With ESO’s, security is viewed with the utmost importance and they commit themselves to stay compliant with ever evolving security specifications. Regarding the physical aspect of security, ESO’s utilize Key Injection Facilities (KIFs) that comply with industry standards and rules related to security procedures, audits, and consistent upgrades internally. The facility is constantly kept secure to protect devices with use of access controlled doors, camera surveillance and personal access that is limited to fully trained team members who pass background checks prior to performing key injections. Operating procedures also require access to the key loading application to be performed in a dual login fashion, which means individuals are unable to supervise the system operations by themselves. Device tracking is another aspect of security in the organization, in which a chain of custody is closely followed for devices involved in key injection from their initial deployment through their decommissioning and ultimate destruction. This tracking greatly lessens overall risks and upholds the audit trail, which includes tracing and serial information, the activities of the users, and overall system access.
Along with Chase Bank, UCP is also an ESO of various other processing platforms, including:
- Global Payments
- North American Bancard
Additionally, UCP is a key injection facility of the following gateways