PCI TR-31 Key Block

Don’t Let Your ATMs Go Dark!


January 2025 Deadline
Get your forecast in to stay ahead of the rush!

What and When

 

Triton and TR-31 Key Block Support

In order to stay up to date with the latest requirements from PCI (the group that manages cardholder data security standards), Triton ATMs have been updated to support a more secure method of transferring encryption keys from the host processor to the ATM.  The new standard is referred to as TR-31 (also known as “key blocks”) and will be mandated by PCI for the transfer of keys to ATMs starting January 1, 2025.  See links below for detailed information.

PCI Key Block Requirements:  https://www.pcisecuritystandards.org/documents/PIN_Security_Rqmt_18-3_Key_Blocks_2019.pdf

PCI Bulletin:  https://www.pcisecuritystandards.org/pdfs/Key%20Block%20Implementation%20Revision%20Bulletin%20FINAL.pdf

ANSI TR-31 Spec : https://webstore.ansi.org/Standards/ASCX9/ASCX9TR312018

 

faq

 What does this mean for my ATMs?

The bottom line is that all ATMs will need to be upgraded to the required EPP version and related ATM software. Triton released the T10 EPP in 2020 to meet this requirement, and software is available for host processor testing. New ATMs purchased from Triton since April 2020 should be hardware compatible for TR-31, and the software will need to be upgraded as directed by your host processor. 

Can all my Triton ATMs be upgraded to support TR-31?

For Triton ATMs, any CE based ATM (RL5000, FT5000, RT2000 10.4” Display, RL2000, RL1600, Traverse, or ARGO) can support the Triton T10 TR-31 capable EPPs.  Older embedded, non-CE based ATMs (9100, 9600, 9700, 8100) are not upgradeable and will need to be replaced before the deadline.

When is the actual deadline to upgrade/replace the ATM?

Although PCI mandates ATM support by January 1, 2025, your host processor will be managing the actual date when the older (non-TR-31) key transfer method will no longer be available.  The ATM will continue to support the older legacy method for transferring keys, as well as the new TR-31 method. The host processor decides which method to use when the host sends working keys to the ATM.

What will happen if an ATM doesn’t comply?

 Your host/processor will stop accepting transactions from that ATM. In other words, the ATM will go dark.

 Can I upgrade the EPP now, even if the TR-31 software update is not yet available?

Yes!  The T10 EPP has been supported since early 2020 and software updates are available now.  In fact, we encourage everyone to put their upgrade plans together sooner than later and provide your keypad forecasts to Triton as soon as possible to ensure keypad availability.  When the TR-31 software updates are certified, the software can be updated from Triton Connect (remote management software) or locally at the ATM through the standard software update process.  Only one (1) site visit should be necessary if you are using Triton Connect.

What will I have to do to upgrade?

 In order to be compliant all ATMs will need a T10 keypad and depending on which keypad you currently have, you will need to upload software. If you have Triton Connect you can upload software remotely.

 Will I need to change my mainboard?

 T10 and TR-31 will be supported on Xscale, X2, and X3 mainboards.

upgrade path

MODEL KEYPAD MODEL PCI VERSION REPLACE ATM SOFTWARE UPDATE KEYPAD REPLACEMENT
9600 T6 1.x Yes NONE NONE
9100 T6 1.x Yes NONE NONE
9700 T6 1.x Yes NONE NONE
8100 T6 1.x Yes NONE NONE
RL1600 T7 1.x No w/T10 T10
T5 1.x w TKM No w/T10 T10
T9 3.1 No w/T10 T10
RL2000 T7 1.x No w/T10 T10
T5 1.x w TKM No w/T10 T10
T9 3.1 No w/T10 T10
RL5000 T7 1.x No w/T10 T10
T5 1.x w TKM No w/T10 T10
T9 3.1 No w/T10 T10
RT2000 T7 1.x No w/T10 T10
10.4″ Screens Only T5 1.x w TKM No w/T10 T10
T9 3.1 No w/T10 T10
FT5000 T7 1.x No w/T10 T10
T5 1.x w TKM No w/T10 T10
T9 3.1 No w/T10 T10
ARGO 7.0 T9 3.1 No w/T10 T10
T10 5.x No TBD None
ARGO 12.0 T9 3.1 No w/T10 T10
T10 5.x No TBD None
ARGO 15.0 T9 3.1 No w/T10 T10
T10 5.x No TBD None
ARGO FT T9 3.1 No w/T10 T10
T10 5.x No TBD None

keypads

T5

Version: PCI1/TKM

Release Date: November 2007

T6

Version: PCI1

Release Date: January 2008

T7

Version: PCI1

Release Date: April 2008

T9

Version: PCI3

Release Date: May 2014

T10

Version: PCI5

Release Date: March 2020