Data Security and Key Management - Thales e-Security

EMV Personalization Preparation Process P3


EMV Personalization Preparation Process (P3)

Migrate from magnetic stripe to EMV smart cards with the world leading solution

FIPS 140-2

This turnkey hardware/software solution enables cost-effective in-house migration from magnetic stripe cards to EMV smart cards, allowing card issuers to maintain control over their data while transitioning to more secure technology. Consisting of dedicated tamper resistant cryptographic hardware (FIPS 140-2 Level 3 approved) and Windows-based software, P3 integrates easily with host systems, enabling card issuers to create EMV smart card data and keys with minimal impact on existing systems and at minimal cost. Developed in conjunction with MasterCard and Visa, this best-selling EMV data preparation solution from Thales e-Security gives you everything you need to generate and manage your cryptographic data in-house, right out of the box. Two P3 solutions are available, each supporting a full range of contact and contactless chip applications from all the global card associations. Both support a range of smart card platforms.

  • P3 Advance is a perfect match for low- to medium-volume issuers and small organizations in need of a fast and cost-effective approach to enriching a batch of magnetic-stripe cardholder records into an EMV-compliant format. 
  • P3 Server is a fully scalable solution that's ideal for large issuers and organizations that need the flexibility to operate in batches or through an online server. This version can be used with a central site server for branch (or instant) issuance. It integrates easily with smart card management systems to support post-issuance download on multi-application smart cards.

Benefits of the EMV Personalization Preparation Process (P3TM) 

  • Delivers 100% in-house control over cryptographic keys.
  • Supports all major card association contact and contactless applications.
  • Generates keys and EMV parameters from existing magnetic stripe files.
  • Supports instant card issuance and on-demand replacement of cards. 
  • Supports multiple card platforms, including GlobalPlatform, MULTOS, TIBC, and proprietary single and multi-application cards.
  • Provides the data preparation security infrastructure necessary for mobile NFC provisioning.

EMV Personalization Preparation Process (P3) Features

Security Features  

  • Protects all keys and sensitive data as part of the EMV data preparation process, simplifying security audit compliance.
  • Protects payment card master keys from third party organizations, enabling strong control over the highly secure areas of their card operations.
  • Key caching facility enables strong random keys to be generated in the background inside one or more payShield HSMs and subsequently stored encrypted on an external key database, improving efficiency without any degradation in security.
  • Flexible options to protect all or part of the cardholder data provided to P3 through encryption, offering issuers more options to simplify their PCI DSS audit compliance.
  • payShield 9000 uses a FIPS 140-2 Level 3 certified security engine with tamper resistant and responsive features, ensuring high-assurance security at all times.

Operational Features

  • P3 does not require any changes to the existing issuer host card management system (CMS), providing an easy migration from magnetic stripe to EMV smart cards.
  • The intuitive P3 graphical user interface (GUI) allows flexible control of all risk parameters associated with EMV payment cards and shields the issuer from the complexity of all the cryptographic keys and sensitive data required to support the wide range of contact and contactless card application(s) in question.
  • P3 supports all popular card platforms (GlobalPlatform, MULTOS and native/proprietary) providing issuers with the ability to choose the best card option for their cost/support needs and maximizing the interoperability with external card personalization and card management systems.
  • P3 can be used for both scheduled batch mode or instant on-demand card issuance mode, enabling issuers to support their card customers in a cost effective and efficient manner.
  • P3 server supports multiple payShield HSMs, delivering close to linear scalability for issuers to meet their growing card issuance needs and reducing data preparation time.

EMV Personalization Preparation Process (P3) Options and Accessories


  • Cartes Bancaires MEPS-approved version of P3CM-250
  • Replacement keys for P3CM-250
  • LMK smart cards for P3CM-250
  • Replacement keys for payShield 9000
  • LMK smart cards for payShield 9000

EMV Personalization Preparation Process (P3) Specifications

Card Applications Supported

Payment applications of the major card associations:

  • MasterCard – M/Chip Advance, M/Chip Lite, M/Chip 2 Select, PayPass, M/Chip 4 (MULTOS), M/Chip Flex, Maestro and MICA
  • Visa - VSDC (SDA or DDA), V Pay, payWave, qVSDC, MSD, Visa Mobile Payment Application (VMPA), Visa CEPS and VisaCash (DES/RSA)
  • JCB - JCB Lite, J/Smart, J/Speedy
  • American Express – Amex 4.2, AEIPS and ExpressPay
  • Discover – D-PAS
  • Union Pay - PBOC
  • Saudi Arabian Monetary Agency (SAMA) – SPAN2

EMV authentication applications:

  • Visa - DPA
  • MasterCard - CAP

Other applications are supported through the GlobalPlatform scripting language. P3 uses an extended version of the GlobalPlatform scripting language to support data generation for MULTOS applications.

Card Platforms Supported

  • GlobalPlatform
  • TIBC
  • Proprietary single and multi-application cards

Operating Systems Supported

  • Windows XP
  • Windows 2000 Server
  • Windows 2008 Server (32 bit and 64 bit)
  • Windows 2012 Server (64 bit)

Cryptographic Module Features (payShield 9000 or legacy P3CM-250)

Supports the following cryptographic algorithms:

  • DES and triple DES
  • RSA keys with 512 to 2048 bit modulus
  • SHA-1
  • MD5

Supports TCP/IP (Ethernet) and RS-232 (asynchronous) connections to the host server

Incorporates tamper-evidence/resistance features, including:

  • FIPS 140-2 level 3 certified security subsystem.
  • Robust metal enclosure providing resilience against physical damage and attack.
  • Security labels on outside casing to indicate attempts to open the box. The tamper evident labels are under strict control of Thales and cannot be purchased on the open market.

P3 Hardware Data Sheet

P3 hardware

Related Product

P3 Software Data Sheet

Powered by GlobalLink OneLink Software