You tap your card. The terminal beeps twice.
Peep peep.
“Receipt?” the cashier asks. You shake your head, grab your coffee, and leave.
The whole tap took less than a second.
But in that second, your card silently crossed multiple systems, multiple encryption boundaries, and a few quietly careful security checks — and came back with a yes or no.
Here’s what actually happened.
Your Maybank card. A Public Bank merchant. Two completely separate banks. How does the message even know where to go?
The first 6 to 8 digits of your card number — the BIN — uniquely identify your bank. BINs never overlap between issuers, so the switch keeps a routing table that maps every BIN range to the bank it belongs to. The acquirer hands the message off, and the switch looks up the line.
But Public Bank’s side doesn’t talk to Maybank directly. It doesn’t have to. In Malaysia, every bank connects to one central switch — MyDebit. One plug. When a new bank joins the ecosystem, they call PayNet, not every other bank in the country.
A switchboard in the middle and a card number that tells it which line to ring.

What stops someone from changing the payload?
Before the message leaves the acquirer, it’s stamped with a MAC (Message Authentication Code) — a unique fingerprint of that exact message, produced using a secret key. PayNet receives it, runs the same check, and verifies the fingerprint matches.
Doesn’t match? Something changed. Transaction rejected.
The fingerprint is generated using a key — but that key isn’t just sitting around. It was produced by an HSM (Hardware Security Module), a tamper-proof device that holds a master secret it never reveals.
Every working key used in the transaction traces back to that master secret. Try to crack the HSM open and it wipes itself, taking the entire chain of trust with it. Every hop in the journey — acquirer to PayNet, PayNet to your bank — goes through this same verification.
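The hop-by-hop check described above, as an added example that is not from the original article: each link has its own key, and the switch verifies the inbound MAC before re-stamping the message for the next link. HMAC-SHA256, the JSON encoding, the field names and the keys are assumptions made for illustration; the article does not name the actual MAC algorithm or message format, and real working keys would stay inside the HSMs.

```python
import hashlib
import hmac
import json

# Constructed per-link working keys (assumption: in production these never leave an HSM).
KEY_ACQUIRER_SWITCH = bytes.fromhex("00112233445566778899aabbccddeeff")
KEY_SWITCH_ISSUER = bytes.fromhex("ffeeddccbbaa99887766554433221100")

# Constructed sample authorization request (hypothetical field names and values).
SAMPLE = {"pan": "4000001234567890", "amount": "12.50", "currency": "MYR", "stan": "000123"}


def canonical(fields: dict) -> bytes:
    """Serialize deterministically so sender and receiver MAC identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def stamp(fields: dict, key: bytes) -> dict:
    """Wrap the fields with a MAC computed under the given link key."""
    tag = hmac.new(key, canonical(fields), hashlib.sha256).hexdigest()
    return {"fields": dict(fields), "mac": tag}


def verify(message: dict, key: bytes) -> bool:
    """Recompute the MAC over the received fields; compare in constant time."""
    expected = hmac.new(key, canonical(message["fields"]), hashlib.sha256).hexdigest()
    received = str(message.get("mac", ""))
    return hmac.compare_digest(expected.encode(), received.encode())


def switch_forward(message: dict) -> dict:
    """Switch hop: reject on mismatch, otherwise re-stamp for the issuer link."""
    if not verify(message, KEY_ACQUIRER_SWITCH):
        raise ValueError("MAC mismatch: transaction rejected")
    return stamp(message["fields"], KEY_SWITCH_ISSUER)


def issuer_accepts(message: dict) -> bool:
    """Issuer hop: the same check, under the switch-to-issuer key."""
    return verify(message, KEY_SWITCH_ISSUER)


if __name__ == "__main__":
    outbound = switch_forward(stamp(SAMPLE, KEY_ACQUIRER_SWITCH))
    print("issuer accepts:", issuer_accepts(outbound))
```

A MAC only proves the message is unchanged on one link; the switch itself is trusted to re-stamp honestly, which is why the PIN gets separate end-to-end protection.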
The PIN Translation Problem
Here’s the thing: nobody in this chain ever actually saw your PIN. The moment you entered it, it was encrypted. It traveled as gibberish. Not even PayNet, sitting in the middle of the entire transaction, can read it.
But there’s a problem. PayNet still needs to pass the PIN to your bank, and your bank uses a different key than the acquirer side. The PIN is locked in a box only one key can open, and the bank doesn’t have that key.
So inside PayNet’s HSM, the PIN block gets re-wrapped: unlocked with one key, locked again with your bank’s key. This is called PIN translation. Ciphertext goes in, different ciphertext comes out. Nothing readable ever leaves the box. Your bank receives it, unwraps it, checks it.
Approved. Peep peep.
You grab your coffee.
Multiple systems. Multiple keys. Multiple verifications. And the entire thing is engineered around one quiet assumption: trust nobody in the middle.