How does the X9 PKI differ from browser-based PKI?

Traditional web PKI certificates are primarily designed for web security, meaning financial institutions have had to adapt their systems to changes dictated by browser vendors. This approach led to major issues, such as the SHA-1 to SHA-2 migration, where financial systems struggled to maintain interoperability. The X9 PKI is built specifically for financial services, providing a dedicated, industry-driven root certificate controlled by financial institutions—not third parties.

What are the key benefits for using the X9 PKI for financial services?

The X9 PKI offers several advantages for banks, ATMs, and financial service providers: • Independence from the web PKI: No reliance on browser-based certificate policies that could disrupt operations. • Secure interoperability: A common root certificate enables secure communication across financial institutions. • Scalability and flexibility: Financial organizations can integrate existing PKI systems with the X9 root through cross-certification. • Future-proofing security: Ensures financial institutions can manage security transitions on their own terms, avoiding last-minute disruptions.

What problem does the X9 PKI solve for banks and ATMs?

Many financial institutions still rely on older PKI models tied to browsers, making them vulnerable to unexpected policy changes. A key example is the SHA-1 to SHA-2 transition, which caused massive interoperability issues for ATMs and banking infrastructure. The X9 PKI eliminates this risk by providing a stable, dedicated root certificate designed for financial security—ensuring that banks and ATMs can communicate securely without external dependencies.

Is the X9 PKI only for U.S. financial institutions?

No. While ASC X9 is a U.S.-based standards organization, the X9 PKI is designed for global adoption. Financial institutions worldwide can cross-certify with the X9 root, ensuring secure and interoperable communication across borders.

How can financial institutions adopt the X9 PKI?

Banks, ATMs, and financial service providers can integrate the X9 PKI by working with �� and its partners. The infrastructure allows for cross-certification, so organizations with existing PKI systems can seamlessly transition without disrupting current operations.

What impact will the X9 PKI have on financial cybersecurity?

By providing a dedicated, scalable, and secure PKI infrastructure, the X9 PKI helps financial institutions: • Reduce cybersecurity risks by eliminating reliance on external browser-based certificate policies. • Ensure long-term stability with a trusted industry-backed root certificate. • Enhance compliance with evolving financial security regulations.

How the X9 PKI Puts Financial Institutions in Control

PKI 02-27-2025

How the X9 PKI Puts Financial Institutions in Control

��

Dean Coclin

If you work in financial services, you know how critical security is—and how challenging it can be to keep up with shifting standards and evolving threats. For years, financial institutions have relied on browser-controlled certificates to secure their digital communications. But this approach has caused major headaches, particularly when browsers make changes that impact legacy systems.

Remember the transition from SHA-1 to SHA-2? When certificate authorities were mandated to stop supporting SHA-1 certificates, ATMs and other banking systems suddenly faced massive interoperability issues, leaving financial institutions scrambling to react. The lesson? Relying on browser-driven security policies can clash with the needs of the financial community.

Now, thanks to a new initiative led by �� and ASC X9, financial institutions finally have an alternative: a dedicated X9 public key infrastructure (PKI) built specifically for their needs.

Breaking free from browser-controlled PKI

The financial sector has unique security challenges that browser-based PKI just wasn’t designed to handle. That’s why �� and many financial institutions have spent the past few years working with ASC X9 to develop a financial services-specific PKI—one that provides more control, security, and interoperability for banks, ATMs, and financial service providers.

So what does this actually mean for financial institutions?

Independence from browser-based certificates: No more worrying about browser vendors making security decisions that disrupt your operations.
Specific use cases identified for the financial community’s needs: The X9 PKI Study Group spent 6 years developing a Certificate Policy and relevant use cases that directly involve the broader financial community. These use cases provide for a pre-defined PKI, making it ready to go for customers.
Seamless interoperability: A common root certificate makes it easier for financial institutions, ATM manufacturers, and other stakeholders to communicate securely.
Scalability and flexibility: Organizations with existing PKI systems can cross-certify with the X9 root, ensuring smooth integration.
A more predictable future: Financial institutions can manage security on their own terms, rather than reacting to external policy changes.

Building a more secure financial future

For the first time, the financial sector has a PKI designed specifically for its needs—one that’s built for long-term stability and security. This isn’t just a technical upgrade; it’s a fundamental shift that puts financial institutions back in control of their security infrastructure.

As cyber threats continue to grow and regulations become more complex, having a dedicated, industry-driven PKI will change the game. Financial institutions will be able to communicate securely, avoid costly disruptions, and build a future-ready security strategy—without being at the mercy of browser updates.

�� and its partner, EONTI, are leading the way in implementing this X9 public key infrastructure, and it’s only the beginning. As adoption grows, this initiative has the potential to set a new global standard for secure financial communication. The financial sector is taking control of its security—and with the X9 PKI, the future looks a whole lot more stable.

Frequently Asked Questions

The X9 public key infrastructure (PKI) is a dedicated security framework designed specifically for financial institutions. Unlike the traditional web PKI, which was built to serve browser needs, the X9 PKI provides independent, stable, and secure digital certificate management. This ensures seamless interoperability between banks, ATMs, and other financial entities while reducing the risk of unexpected security disruptions.

What is the X9 PKI, and why is it important for financial institutions?
How does the X9 PKI differ from browser-based PKI?
What are the key benefits for using the X9 PKI for financial services?
What problem does the X9 PKI solve for banks and ATMs?
Is the X9 PKI only for U.S. financial institutions?
How can financial institutions adopt the X9 PKI?
What impact will the X9 PKI have on financial cybersecurity?

Register for the webinar

The latest developments in digital trust

Want to learn more about topics like PKI, compliance, and digital trust? Subscribe to the �� blog to ensure you never miss a story.

TLS Certificate Lifetimes Will Officially Reduce to 47 Days

Stephen Davidson

Digital Trust

06-16-2025

Building Digital Trust in a Perimeterless World

Abby Norwood

�� One

06-19-2025

Strengthening Digital Trust with PKI+DNS

��

Abby Norwood

��

Find the right TLS/SSL Certificate to secure your website

eIDAS-compliant transaction and website document security solutions

WATCH REPLAY >

Are you ready?

Join industry luminaries for World Quantum Readiness Day.

CHOOSE YOUR LANGUAGE

Choose your language