Nanoteq provides security infrastructure for reserve bank national payments system

Johannesburg, 14 Jun 1999

The cornerstone of a new inter-bank payment-processing infrastructure has been the implementation of a new electronic settlement system. Nanoteq, a member of Comparex Holdings, was a key player in the development of the security so critical to this system.

The South African Multiple Option Settlement (SAMOS) system was developed over a period of two years as a collaborative venture between the Reserve Bank, commercial banks and technology suppliers. The system ushers in a new era in electronic transactions in South Africa and has had a major impact on the national payment system.

"This step brings the South African National Payment System in line with what is available internationally and presents an important milestone in the reduction of payment-related risks in the financial system. It also creates the necessary payment infrastructure to support the modernisation of the South African financial markets. The number of banks utilising the SAMOS system was recently increased from 21 to 24, of which 8 are foreign banks," explained Nanoteq product marketing manager Jyri Hamalainen.

The SAMOS system provides an online, real-time facility, enabling banks to electronically transfer funds to one another across their accounts at the SA Reserve Bank. Nanoteq's provision of tamper-proof hardware-based cryptographic security establishes system integrity.

Contributions made by the various Comparex subsidiary companies include the development of the network architecture by Outsource, the development of the security architecture by Nanoteq, and the development of a certification authority for the authentication of system participants by SACA.

The introduction of such an integrated payments network represents a major step towards safe and secure payments for the broad public and would enable the further modernisation of the financial system in South Africa.

Security architecture technical background

IBM MQSeries middleware was selected to provide reliable, platform-independent application-to-application messaging between communicating parties. (IBM MQSeries runs on over 30 hardware/software platforms from mainframe to desktop and is therefore suited to the multi-platform payment system infrastructure.) Nanoteq developed MQ Armour for IBM MQSeries as the basis for the security architecture, providing the capability to seamlessly integrate strong encryption and authentication into MQSeries environments. MQ Armour provides the capability to connect independent security entities (banks) through a common network, and securely manage registered network participants through a PKI (Public Key Infrastructure).

The MQ Armour PKI supports certification of public keys via digital IDs or certificates, and uses smart cards for cryptographic key backup. Interfaces to third-party Certification Authorities are also catered for.

Nanoteq's MQ Armour message security system is based on an integrated server component called a MAP (Message Authentication Processor). The MAP uses a high-performance hardware cryptographic co-processor for executing encryption algorithms and storing keys. MQ Armour uses existing MQSeries message exit points to intercept and encrypt messages.

The system is configured so that MAP message encryption devices are placed at central and participant bank locations. Messages originating from participant banks are sent to the Reserve Bank's Tandem front-end processor using a pre-configured MQSeries transmitter queue. The external MAP co-processor option was used to interface MQ Armour to the Tandem front-end processor at the Reserve Bank.

Messages received by participant MAPs are signed and encrypted using CA-certified public keys before being transmitted across the network using the MQSeries protocol. At the central site, secured messages are intercepted via MQ message exits on the Tandem machine and processed by a security resource manager, which uses an external MAP device for decryption. (Messages from the central site to participants are handled in a similar fashion.)

Editorial contacts

Andre Venter
Charles Smith & Associates
(011) 447 1254
andre@csmith.co.za