Top

Gertec: Protecting PIN Pad Transactions with MAX32550 Secure Microcontrollers

Headquartered in Sao Paulo, Brazil, Gertec has been developing equipment and solutions for commercial and banking automation, media terminals, and more for customers around the world since 1989. More than one million of the company’s PIN pad systems are in the Brazilian market. “We offer good quality, and we want our products to be easy to use,” notes Jorge Ribeiro, Gertec’s CEO.

Challenges

  • Meet stringent payment industry security standards
  • Deliver products to market quickly that meet cost and user experience expectations

Solutions

Benefits

  • Faster PCI-PTS certification process for payment products
  • Cost and time savings due using highly integrated secure IC
  • Better management of product lifecycles

Gertec protects its PIN pad systems with secure microcontrollers.

Challenges

Since its products deal with sensitive financial data, it’s natural that Gertec places a priority on security. The company’s engineers, explained Ribeiro, give a great deal of consideration on methods for implementing security and also on meeting security standards. The global Payment Card Industry (PCI) Security Standards Council maintains, evolves, and promotes security standards for the financial payments industry. Its PIN Transaction Security (PTS) standard, PCI-PTS, provides for robust security controls for payment systems. As part of this effort, the organization also oversees testing requirements that validate vendor documentation of policies and procedures related to device management. Meeting the stringent PCI-PTS requirements can be time- and labor-intensive. At the same time, the company faces significant competition, and time to market pressures are always there. In addition, its customers expect Gertec’s products to deliver the quick and easy touchscreen-based user experience that end users have come to expect.

“Our customers push us to provide good experiences with good prices,” said Ribeiro.

Ribeiro noted that the lifecycle for payment products has shrunk. A few years ago, a lifecycle of four to five years was typical. Now, two years is the norm before new and updated products are expected. When a product is under development, engineers are under pressure to ensure that specifications will continue to be met even as the product is later updated.

Solution

Gertec needed a way to deliver the secure financial transactions its customers depend upon, while also getting its products to market quickly. The company turned to Maxim’s embedded security ICs. “My relationship with Maxim started many years ago. It’s a very successful one because Maxim offers a complete system, deep expertise in PCI-PTS requirements, and good local support from MacnicaDHW,” said Ribeiro.

Gertec is using the MAX32550 DeepCover® secure Arm® Cortex®-M3 flash microcontroller in its PIN pad systems. The MAX32550 features a cryptographic engine, a true random number generator, battery-backed real-time clock, environmental and tamper detection circuitry, a magnetic stripe reader, a smart card controller, and an integrated secure keypad controller. The company also has a variety of payment processing products under development using a variety of Maxim ICs, including Class D amplifiers, fuel gauges, switching chargers, and wireless power receivers.

Benefits

Working with Maxim helped Gertec meet PCI’s security standards in an efficient manner. Maxim provides a security evaluation report from an independent lab, which helps to decrease the amount of time and cost associated with PCIPTS certification. The integrated peripherals available in the MAX32550 reduce the external component count, another cost and time savings. In addition, Ribeiro noted, working closely with vendors like Maxim is key to ensuring that Gertec has access to the right parts at the right time, so the company can better manage its product lifecycles.

pedro-palaez-photo

“My relationship with Maxim started many years ago. It’s a very successful one because Maxim offers a complete system, deep expertise in PCI-PTS requirements, and good local support.”

- Jorge Ribeiro, CEO, Gertec