What is a Payment Hardware Security Module (HSM)?
A payment HSM is a hardened, tamper-resistant hardware device that is used primarily by the retail banking industry to provide high levels of protection for cryptographic keys and customer PINs used during the issuance of magnetic stripe and EMV chip cards (and their mobile application equivalents) and the subsequent processing of credit and debit card payment transactions. Payment HSMs normally provide native cryptographic support for all the major card scheme payment applications and undergo rigorous independent hardware certification under global schemes such as FIPS 140-2, PCI HSM and other additional regional security requirements such as MEPS in France and APCA in Australia for example.
Some of their common use cases in the payments ecosystem include:
- PIN generation, management and validation
- PIN block translation during the network switching of ATM and POS transactions
- Card, user and cryptogram validation during payment transaction processing
- Payment credential issuing for payment cards and mobile applications
- Point-to-point encryption (P2PE) key management and secure data decryption
- Sharing keys securely with third parties to facilitate secure communications
What Payment HSMs Do
Thales Payment HSMs and management tools provide flexible, efficient transaction security for retail payment processing environments, internet payment applications, and web-based PIN delivery. Ensuring the security of consumer data is essential to the integrity of intra-bank network payments, ACH transfers, check clearing, mobile payments, and credit card transactions. In addition to meeting today’s government and industry regulations and standards, Thales Payment HSM solutions are designed to anticipate tomorrow’s.
The most popular use cases
For more than 30 years, Thales payment HSMs have been involved in a wide range of applications. The main role of a payment HSM is to protect cryptographic keys and sensitive data in a highly secure manner such that the integrity of two fundamental processes is maintained:
1. Equipping consumers to make payments
- Dealing with the complexity of EMV chip cards or mobile-based applications
- Keeping control of critical user credential assets
- Maintaining a high level of security (to avoid counterfeiting or rogue payment instruments)
2. Facilitating a secure payments process
- Being able to scale quickly to handle higher transaction volumes
- Ensuring that sensitive data is protected at all times
- Facilitating transactions originating from a diverse range of payment instruments (with more and more no longer under bank control).