
Cardtronics, Inc.
Internal Documentation & Procedures
Title: Encryption Key & PIN Security Policies & Procedures
Date of Origin: 12/2004
Last Revision: 3/25/2011
Responsible Officer: Jerry Garcia

PURPOSE
1. To establish the policies of Cardtronics as they pertain to Encryption Key and PIN Security for Automatic Teller Machines (ATMs).

2. To document procedures that must be followed to ensure that the Policies established by Cardtronics and BANK are
maintained and followed.

POLICY
1. PIN Security and Encryption
Cardtronics has established policies that all devices and keys be managed in accordance with applicable network rules and
industry standards.
A. Triple DES. All ATMs are Triple DES compliant.

B. Encrypting PIN Pads. All ATMs must use Encrypting PIN Pads (EPPs) that conform to the requirements of a
physically secure Tamper-Resistant Security Module (TRSM) as defined in ANSI X9.8-2003, Section 6.3 and ANSI
X9.24-2002, Part 1, Section 7.2. Cardtronics will purchase only approved EPPs that have been verified on the
website of approved EPPs – www.pcisecuritystandards.org/pin. Affidavits of compliance for all terminals from
manufacturers or printouts from manufacturer user guides will also be kept on file. No terminal will be
activated without a fully compliant and network-approved EPP.

C. Dual Control and Split Knowledge. All key components will be managed under dual control and split
knowledge. Specifically, no one person has access to the full string of key components, ever.

D. All activations in field will be managed using the attached “Exhibit 1 - Encryption Key Installation Checklist” and
a copy will be included in the Merchant’s File.

E. All statements provided by Cardtronics in Network PIN Security Reviews are accurate and procedures are
followed.

F. Key mailers. Processors utilized by Cardtronics provide key components in Key mailers. While the use of a more
secure method of printing and maintaining key components simplifies dual control, the concept of dual control
and split knowledge will not be abandoned and ATM Terminals will be activated according to procedures.
Specific details are provided in Section 5.

G. Only ANSI recognized methods are used singularly or in combination for key management. Approved formats
are: Fixed Transaction Keys, Master Keys/Transaction Keys or Derived Unique Key Per Transaction (DUKPT).

H. All Keys in PIN entry devices are unique, except by chance.

Confidential Cardtronics

Table of Contents
1. Request for Encryption Keys

2. Receipt of Encryption Keys

3. Storage of Encryption Keys

4. Receiving New Terminals

5. New Installations

6. Changing ATM to New Location

7. Key Component Destruction

8. Terminal De-installations

9. Compromised Keys

10. ESO (and other on-site) Procedures

Confidential Cardtronics
Last Revision: 3/25/2011
Internal Documentation & Procedures Date of Origin: 12/2004 Responsible Officer:
Cardtronics, Inc. Jerry Garcia

Section: Page 3
Title: Encryption Key & PIN Security Policies & Procedures

1. Request for Encryption Keys

A. The ATM Key Component Distribution Form is submitted to the Processor (Exhibit 2 – “Key Component Order Form”, sent to the
Processor(s) by a Designated Custodian) (Exhibit 3 – Key Custodian Agreement).
B. Files will be maintained for each Designated Custodian.
i. Designated Custodians must:

(a) Have read the PIN and Encryption Policies and Procedures, and

(b) Understand the obligations they are undertaking, and


(c) Sign the appropriate Designated Custodian Form.

B. Cardtronics will ensure the Processor maintains a list of designated custodians and that Key Components are
authorized to be sent only to current designated custodians. Cardtronics will:

i. Maintain a file of current custodians.

ii. Ensure that at least two custodians are maintained.

iii. Ensure that HR has a record of custodians to ensure replacement upon termination and to provide
Cardtronics with a “heads up” in case of a compromise or if the employee forms an attachment with
another custodian or leaves Cardtronics under less than satisfactory conditions.

iv. Ensure that the custodians may act without any undue influence in discharging duties.

C. Key custodians will be responsible for:

i. Taking delivery of key component from the Processor;

ii. Maintaining the tamper evident packaging until the Key Components can be opened under dual
control;

iii. Components with external serial numbers will be logged individually by serial number, date received,
names of both custodians. Components without external serial numbers will be logged in bulk, date
received, initials of both custodians;

iv. Securely storing components under dual control;

v. Safely and securely transporting key component to the installation site using dual control, split
knowledge;

vi. Loading key component into an ATM, using dual control and split knowledge;

vii. Destroying key components by an approved method and documenting the destruction.

D. Key Generation – Keys and key components must be generated using a random process such that it is not
possible to determine that some keys are more probable than other keys. All key components must be a
minimum of 32 hexadecimal (alpha-numeric) characters.


i. All Processors used by Cardtronics generate their own keys, have been audited and certified that the
process is random and is in compliance with all networks.

ii. All Processors used by Cardtronics use key mailers to distribute key components.
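
Added example, not part of the Cardtronics document: Python checks for the key-generation rule in 1.D and the split-knowledge rule in Policy 1.C. It assumes the two components are combined by XOR into a double-length Triple DES key, which this document does not state; all function names and sample values are constructed for illustration.

```python
"""Added illustration: checks on key components for a double-length Triple DES key."""
import secrets
import string

MIN_HEX_CHARS = 32                      # minimum component length from section 1.D
_HEX = set(string.hexdigits)

# Constructed sample components (not real key material).
SAMPLE_A = "0123456789ABCDEFFEDCBA9876543210"
SAMPLE_B = "FFFFFFFFFFFFFFFF0000000000000000"


def generate_component(n_hex: int = MIN_HEX_CHARS) -> str:
    """Draw a component from the OS CSPRNG so no value is more probable than another."""
    if n_hex < MIN_HEX_CHARS or n_hex % 2:
        raise ValueError("need an even number of hex characters, at least 32")
    return secrets.token_hex(n_hex // 2).upper()


def validate_component(component: str) -> list:
    """Return the format problems found in one component (empty list = acceptable)."""
    c = component.strip()
    if any(ch not in _HEX for ch in c):
        return ["contains non-hexadecimal characters"]
    problems = []
    if len(c) < MIN_HEX_CHARS:
        problems.append("shorter than 32 hexadecimal characters")
    if len(c) % 2:
        problems.append("odd number of hexadecimal characters")
    elif c and len(set(bytes.fromhex(c))) == 1:
        problems.append("one byte value repeated throughout")
    return problems


def combine(first: str, second: str) -> str:
    """XOR two equal-length components (assumed combination method)."""
    a, b = bytes.fromhex(first), bytes.fromhex(second)
    if len(a) != len(b):
        raise ValueError("components must be the same length")
    return bytes(x ^ y for x, y in zip(a, b)).hex().upper()


def check_combined_key(key_hex: str) -> list:
    """Flag degenerate results that a component-level check cannot see."""
    raw = bytes.fromhex(key_hex)
    problems = []
    if not any(raw):
        problems.append("key is all zeros")
    if len(raw) == 16 and raw[:8] == raw[8:]:
        problems.append("left and right halves are identical "
                        "(double-length Triple DES degenerates to single DES)")
    return problems


def missing_component(target_key: str, known_component: str) -> str:
    """Component that, XORed with the known one, yields target_key.

    One exists for every possible key, which is why a custodian holding a
    single component learns nothing about the final key (split knowledge).
    """
    return combine(target_key, known_component)


if __name__ == "__main__":
    fresh = generate_component()
    print("fresh component problems:", validate_component(fresh))
    key = combine(SAMPLE_A, SAMPLE_B)
    print("sample combined key problems:", check_combined_key(key))
```

Both constructed samples pass the per-component format check, yet their XOR has identical halves, so the degenerate-key check has to run on the combined value inside the secure device, never on components a single person can see.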

E. Component Keys are sent from the Processor to Cardtronics in tamper evident packaging and are mailed only
to designated custodians. Components are completely random and sealed in key mailers shipped in one
package, and stored in safes, containing never less than 50 envelopes.

F. Cardtronics will request the tracking number of each package to ensure the package is not opened and
resealed.

2. Receipt of Encryption Keys


A. Custodians verify by the tracking number that they are receiving the correct package.

B. Custodians inspect the package to ensure that it has not been tampered with or opened in any way.

C. If evidence of tampering exists:

i. Manager should immediately be informed.

ii. Under dual control, the package will be destroyed using an acceptable destruction method: cross-cut shredding,
burning or liquefying. A witness will sign the destruction form.

iii. The original request form will be annotated to show that the Keys were destroyed and signed by the
appropriate Custodian and the witness to the destruction.

iv. The Processor will be notified that the Key packaging was tampered with and the components were
destroyed.

D. New Key Components will be requested from Processor.

E. The request is filed in the KEYS REQUESTED, Master Key Log folder by Processor.
F. If the package is received secure, it will be opened. Key Components are verified against the requested order.
G. Components with external serial numbers will be logged by serial number, date received, initials of both
custodians. Components without external serial numbers will be logged in bulk, date received, names of both
custodians. Log is password protected and is stored on the U drive. (Exhibit 4 – Pin & Encryption Key Security
Log) If serial numbers are not listed on the exterior of the PIN mailer, perpetual inventory counts will be
maintained.

3. Storage of Encryption Keys

A. Key components will be stored in safes under dual control so that no one person has access to the key
components.
i. Safe on occasion will be accessed to assemble “Key Packages”.


ii. “Key Packages” will be assembled under dual control and returned to the safe for storage. Specific details of
creating “Key Packages” are provided in Section 5.

B. All entries into the safe are logged in Master Key Control Log. Log is maintained by serial numbers, when
possible, so that when the machine is activated a record is maintained.

C. Upon termination of a Processor all Key Components in safes are destroyed.

D. Quarterly audits performed by two custodians.

4. New Terminals
A. The Manufacturer will notify Cardtronics that a terminal is being shipped and will provide the terminal serial
number.

B. The Manufacturer will ship the terminal to the warehouse or directly to site.

C. The terminal will be inspected inside and out to determine that it arrived without tampering and in good condition.

D. The serial number is compared to the shipping invoice.

E. The terminal will be logged to inventory with all pertinent information including

i. Manufacturer

ii. Model Number

iii. EPP Serial Number

F. Terminal will be maintained in a secure storage facility until shipment to the actual installation location.

G. Terminal Database will be accurately maintained to show location and status of each ATM.

i. If a terminal is moved the database will note the new location

ii. If the terminal is deactivated, the database will show the accurate status and where the machine has
been moved.

iii. If a new encrypting PIN PAD (EPP) was installed, the database will show the new serial number of the
EPP.

H. The Encrypting PIN PAD (EPP) is an integral part of the ATM.

i. Serial numbers for replacement, inventoried or extra EPP must be accurately maintained.

ii. EPPs are maintained in a secure area and limited to only trusted employees.

iii. Employment background checks should be completed on these employees to ensure no employee
with a criminal history is trusted with this device.


5. New Installations

A. Warehouse Activation

i. Manager will notify custodians of a pending installation.

(a) The serial number of the designated terminal will be determined.

(b) The site location will be provided.

(c) The date of the installation will be given.

(d) Before shipping, the Manager will confirm the terminal serial number to Installation Manager.

(e) Scheduling department will coordinate the scheduling of the upcoming install. Maintenance will
be responsible for bringing the Terminal “on-line”.

B. Installing Key Components

(a) Two custodians will gain access to the safe under dual control containing the key
components.

(b) Each will remove a key mailer for the appropriate Processor.

(c) The appropriate entries are made on the Master Key Log – Meadow Glen or Master Key Log –
Eagle.

(d) Two custodians will bring key mailers to ATM in the warehouse. The terminal activation
checklist is used to activate ALL terminals.

(e) Two custodians will verify that the terminal serial number is correct.

(f) Both custodians will verify that the terminal has not been compromised.

1. Locks are not tampered with, not broken or marked.


2. That there are no unusual devices inside the ATM.

(g) If the terminal has been compromised and cannot be repaired on site, it will be returned to
storage.

1. If the terminal has not been compromised the installation will proceed.

(h) The service technician will key in his password to gain access to the area for entering the
keys. Custodians will also verify that there are no unnecessary personnel in the room during
the time of key loading and that all cell phones/PDAs are placed in a basket by the door. All
window blinds must be closed during the loading process.

(i) Both custodians will verify that there are no cameras in the area facing the terminal.

(j) Any location having a surveillance camera directed at the ATM will require a blocking
screen, such as an umbrella to ensure there is no unauthorized disclosure of any component.


A blocking shield will always be utilized when loading keys in ATMs located in high
surveillance locations, such as casinos and airports.

(k) Each Custodian will verify that the envelope containing the Key Components has not been
opened or tampered with and the seal is securely attached.

(l) Unobserved, Custodian 1 will enter the first set of key components into the terminal. Custodian 2
must have their back to Custodian 1 during this process and be scanning the area for
anything unusual.

(m) Unobserved, Custodian 2 will enter the second set of key components into the terminal. Custodian 1
must have their back to Custodian 2 during this process and be scanning the area for
anything unusual.
1. Key authentication will be completed with the Processor using the instruction of the Key
Component Envelope and always with both Custodians present for the process.
Custodians will never share their unique IDs and pass codes with anyone as this is vital to
maintain the security of the PIN mailer method of key components. Processor will
respond with a check sum authentication code no longer than six digits.
2. If Keys cannot be authenticated, the system is cleared and both custodians will have to
reenter their set of key components.
3. If the verification code is correct then the service technician can bring the terminal
online.

(n) Key Custodian 1 will dial the Processor and follow prompts/instructions for binding keys.

(o) Key Custodian 2 will then dial the Processor and follow prompts/instructions for binding 2nd
half of key.

(p) Custodian(s) will test the ATM using an ATM card to do a balance inquiry.

(q) Key components will be destroyed using acceptable destruction method; the destruction will
be witnessed by a third party. Each custodian will sign the activation checklist at the time of
terminal activation. This checklist will be used to update the Master Key Log, scanned in the
merchant file.

(r) Machine will be shipped to the designated location.

(s) Before installation, the machine will again be inspected and serial number will be verified.

C. On site activations – Not all activations take place in the warehouse, nor at times are two custodians available.
A temporary custodian may be utilized to share responsibilities of dual control.

i. Ensure the temporary custodian completes a Temporary Custodian Authorization and understands
their responsibilities (Exhibit 5 – Temporary Key Custodian Agreement).

ii. The Temporary Key Custodian Agreement and the Encryption Key Installation Check List are returned to the
office, logged, scanned and linked to the merchant file.

iii. If one custodian is transporting two key components to an on-site activation, they must be maintained in
individual “T-Bags” within a tamper evident envelope.

(a) Two custodians remove two key components from dual control.


(b) Each component is placed in a separate tamper evident “TEA Bag”, recording the numbers.

(c) “T-Bags” are placed in a FedEx envelope along with Key Activation and Temporary Custodian
forms along with an additional open “T-Bag”. The envelope is then sealed and stamped with
“THIS ENVELOPE WILL ONLY BE OPENED WHEN TWO CUSTODIANS ARE PRESENT”

(d) Key custodian transports the “Key Package” to the location. The “Key Package” is opened under
dual control. Temporary Custodian signs enclosed form and takes possession of one “T-Bag”. The
second “T-Bag” remains in the possession of the Key Custodian.

(e) On site custodians will follow procedures as per the Encryption Key Installation Checklist, Exhibit 1.

(f) All documents will be forwarded to Customer Care Center upon completion of key entry.

(g) Customer Care Center will verify receipt of all necessary documents before assisting with the
binding of keys in accordance to procedures.

(h) Customer Care Center servicer IDs are changed quarterly.

D. Emergency Activations

i. Two key components may be selected using dual control procedures and placed in T-bags. They are
then placed in a FedEx envelope along with a Key Activation and a Temporary Custodian Form; the
package is recorded with senior management and placed in a safe place within the office.

E. Merchant Location Instructions

(a) Cardholders must be able to enter PIN numbers without being observed. ATMs are not placed
where entry can be recorded by a camera.

(b) ATMs are not placed facing a window where outside foot traffic can record or observe PIN entry
or removal of cash.

(c) ATM is placed where the cardholder has at least a minimum of privacy and light when
completing a transaction.

ii. Merchants/Employees are instructed to never request a PIN number or give assistance in entering a
PIN number. If a customer has difficulty using the ATM, the merchant instructs them to call the bank that
issued the card or the number provided on the ATM for operational difficulties.

iii. ATMs will be operated in their intended manner and environment.

(a) Devices manufactured for inside use only are not used outside.

(b) Additionally, devices will only be operated in their intended manner by dispensing U.S.
currency.

iv. Merchant is instructed not to move the machine without assistance from the registered ISO.

v. Merchant is instructed to notify Cardtronics if there is a change in ownership of the Merchant.


vi. If the Merchant owns the machine, he may not sell it to another party and is instructed that to do so will
immediately void all agreements.

vii. Key Custodian – If the Merchant acts as a key custodian they must read, understand and sign the key
custodian agreement. The agreement is kept in the merchant file. Key Components may be sent to a
merchant to activate a machine. The Merchant may act as a custodian with a qualified employee or
technician to activate the ATM. While this could technically violate the requirement that there not be
any undue influence, the Temporary Custodian Agreement requires the Merchant’s signature attesting
that they understand their responsibilities.

viii. First line maintenance – Cardholder information. Merchants performing First Line Maintenance are
instructed that transaction tapes must be stored in a secure location to prevent compromise of
cardholder information and kept for 7 years.

ix. If the Merchant is allowed to purchase or lease the ATM, the entire “Cardtronics” POLICIES and
PROCEDURES are provided to the merchant via the Cardtronics website. Cardtronics obtains
confirmation that the Merchant understands all obligations concerning ATM ownership, including but
not limited to:

1. Use of custodians,

2. Dual control activations,

3. Key component use and destruction,

4. Cash supply,

5. Transaction tape retention and storage,

6. ATM maintenance,

7. ATM Security

x. Merchant Due Diligence - Exhibit 6

6. Changing ATM to New Location

A. New Key components must be entered into the ATM.

B. EPP serial number must be verified.

C. ATM must have an approved PCI EPP (refer to www.pcisecuritystandards.org/pin).

Refer to Section 5 (above) for complete installation requirements.

7. Key Component Destruction

A. When key components are no longer needed, they should be destroyed using appropriate destruction methods.
It is recommended that key components be destroyed as soon as possible after their installation.


B. Key components written or printed on paper media should be destroyed only using the following methods:

1. Crosscut shredding
2. Burning
3. Pulping in water (such as in a blender)

Destruction of key components should take place under dual control and split knowledge. A witness (other
than the second key custodian) should be present to confirm that destruction has taken place. However, at no
point should that witness be permitted to see the actual components being destroyed. Destruction of
components should be documented in the Master Key Log and witnessed on the Key Destruction Form.

8. Deactivating an ATM

A. Use the ATM De-Activation Self Audit Checklist (Exhibit 7)

B. When an ATM is received for repair or permanently removed from service, the keys resident in the TRSM should
be erased (zero out) at the time of deactivation, following the manufacturer’s instructions.

C. The terminal is shut down and removed from location to secure storage.

D. The warehouse manager will record the arrival of the terminal in the log.

E. Using the ATM De-Activation Self Audit Checklist, the technician will confirm keys were removed.

7. Compromised Keys

A. Bank and Management will be notified immediately if there is a known compromise or suspected
compromise.

i. Senior Management will determine the extent of the compromise and action to be taken.

ii. If the Keys in one or more ATMs have been compromised:

(1) The machine (s) will be shut down.

(2) New Keys will be entered prior to the machine (s) being activated,

(3) Investigation will be performed to determine the extent of such compromise.

(4) Summary report will be prepared to indicate:

i. Identification of all affected keys and ATMs.

ii. Identification of all affected parties.

iii. Notification process of all affected parties.

iv. Process for replacing the keys in a timely manner.

v. Analysis of affected systems.



iii. If a Global Key Compromise has taken place:

(1) Machines will be shut down

(2) Sponsor Bank will be notified

i. American State Bank Natalie Struck 720-977-8080

ii. PDNB Connie Montoya 760-674-1461

(3) Cardtronics or Bank will notify Fair Isaac – Lori Aguam (972) 377-8920

(4) Cardtronics or Bank will notify networks.

iv. If the compromise is of a criminal nature the Secret Service should be notified. (646) 230-3242 (Greg
James normally handles ATM Fraud)

v. Encryption Keys can be compromised in many different ways, the following will address several
examples.

i. Single ATM Key Compromise

1. Incorrect delivery of keys from the Processor and machines activated.


2. Tracking numbers incorrect and machines activated.
3. Keys components package opened by one person and machines activated.
4. Tampered delivery and machines activated.
5. Keys not stored under dual control and machines activated.
6. Keys compromised during installation.
7. Notification from the Processor of possible Key compromise or attempted Key
compromise during transmission.
8. One custodian entering key components
9. Key components not being destroyed or destroyed incorrectly

ii. Multiple Key Compromise may include, but is not limited to:

1. Notification from Processor of compromise in the formulation of Keys.


2. Notification from Processor or Association of a systematic compromise of Keys.
3. Compromise of dual control systems during key formation
4. Compromise of an employee/employees

5. In the case of a natural disaster where dual control of key storage has been compromised
key component must be replaced.

i. Limited Key components should be stored in dual control, off site, as a disaster
precaution or for emergency activations. Such storage should be changed
periodically and key components destroyed. Storage of emergency or off-site
keys can be no less than regular storage.


9. Encryption Service Organization (ESO) and other on-site Activations.

Definition of an ESO: Any person or organization, other than the member or that member’s agent, that routinely and as a part of
its services loads encryption software or KEY components into an ATM. This includes all or part of the following Key management
functions: receiving, storing, logging, conveying or entering Key Components.

Cardtronics only contracts with registered ESO’s for the loading of keys.
A. Procedures if an ESO or an ISO sends Key Components to maintenance personnel activating an ATM or if
maintenance personnel carry Key Component to a Merchant Location.
i. Two Key Components will be removed from Dual control by two custodians.
ii. Each Key Component will be put into a security bag.

iii. A record will be maintained of where the two components are sent and the numbers on the security
bag.

iv. Two security bags, One activation work sheet, Temporary Custodian Agreements will be put into a FED
EX or similar carrier envelope. Across the zip opening of the envelope, “THIS ENVELOPE WILL ONLY BE
OPENED WHEN TWO CUSTODIANS ARE PRESENT”, will be written in bold black print.

v. When both custodians are on site the envelope will be opened; each custodian will sign the Encryption
Key Installation Checklist acknowledging it was opened while both were present.
vi. The name of the merchant, address, city, state and zip will be entered on the first line.

vii. Device Manufacturer, Device Model Number and Processor Terminal ID will be entered on the second line.
viii. Software/Firmware Version, Terminal serial number and EPP serial number will be listed on the third line.
(In some cases the serial ID and the EPP ID cannot be seen; if this is the case the lines will be
ignored.)
ix. Lines 1-4 will be read and initialed appropriately; the correct bag number will be entered for each
security bag. The correct serial number for the Key Components will be entered in 3-4.
x. The preload inspection, Lines 5-9, will be completed and initialed by each custodian.
xi. Key Components will be loaded, Lines 10-13.

xii. Post Activations Procedures, Line 14-15.


xiii. Key Destruction will be completed by each custodian and witnessed by a third person. This can be the
merchant, maintenance personnel or location owner or other technician. Witnessed Key Destruction
on site, provides less chance of a compromise than returning open Key Components to the ISO.

xiv. Each Custodian will ensure the Encryption Key Installation Checklist is completed in full, initialed where
required and signed.
xv. The sheet will be mailed or faxed back to the ISO. The ISO will confirm that the BAG NUMBERS matched
to the BAG numbers sent and record the serial numbers in the log. The activation work, and the
temporary custodian agreements will be maintained with the Merchant’s file.

xvi. If any step is missed, completed incorrectly, not signed, or the activation worksheet not returned to the
ISO, the ATM will be considered compromised and must be taken down and new components
installed.

Genpass and Fiserv Key Components do not have serial numbers on the key mailer; therefore serial numbers cannot be entered into the
logs until after the ATM is activated.


Exhibit 1: Encryption Key Installation Check List

Exhibit 2: Key Component Order Form Genpass
Key Component Order Form First Data
Key Component Order Form Cardtronics

Exhibit 3: Key Custodian Agreement

Exhibit 4: Pin & Encryption Key Security Log

Exhibit 5: Temporary Key Custodian Agreement

Exhibit 6: Merchant Due Diligence

Exhibit 7: ATM De-Activation Self Audit Checklist


ENCRYPTION KEY INSTALLATION CHECKLIST


EXHIBIT 1


KEY COMPONENT ORDER FORM (CARDTRONICS)


EXHIBIT 2


KEY COMPONENT ORDER FORM (GENPASS)


EXHIBIT 2


KEY COMPONENT ORDER FORM (FIRST DATA)


EXHIBIT 2


KEY CUSTODIAN AGREEMENT


EXHIBIT 3


PIN AND ENCRYPTION KEY LOG


EXHIBIT 4


TEMPORARY KEY CUSTODIAN AGREEMENT


EXHIBIT 5


MERCHANT DUE DILIGENCE


EXHIBIT 6


ATM DE-ACTIVATION SELF AUDIT CHECKLIST


EXHIBIT 7
