What Is A Payment Hardware Security Module (HSM)? - Thales

What is a Payment Hardware Security Module (HSM)?

A payment HSM is a hardened, tamper-resistant hardware device used primarily by the retail banking industry to provide high levels of protection for cryptographic keys and customer PINs. These keys and PINs are used during the issuance of magnetic stripe and EMV chip cards (and their mobile application equivalents) and during the subsequent processing of credit and debit card payment transactions. Payment HSMs normally provide native cryptographic support for all the major card scheme payment applications and undergo rigorous independent hardware certification under global schemes such as FIPS 140-2 and PCI HSM, as well as regional security requirements such as MEPS in France and APCA in Australia.

Some of their common use cases in the payments ecosystem include:

  • PIN generation, management and validation
  • PIN block translation during the network switching of ATM and POS transactions
  • Card, user and cryptogram validation during payment transaction processing
  • Payment credential issuing for payment cards and mobile applications
  • Point-to-point encryption (P2PE) key management and secure data decryption
  • Sharing keys securely with third parties to facilitate secure communications
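As an added illustration (not Thales code and not part of the original page), the clear-block logic behind the "PIN block translation" use case above: ISO 9564 format 0 and format 1 PIN blocks, with translation shown as decode followed by re-encode. The zone-key encryption that surrounds these steps inside a real payment HSM is omitted, and the PAN and PIN values in the comments and tests are constructed sample data.

```python
import os


def pan_field(pan: str) -> bytes:
    """Format 0 PAN field: 0000 then the 12 rightmost PAN digits, check digit excluded."""
    if len(pan) < 13 or not pan.isdigit():
        raise ValueError("PAN must be at least 13 digits")
    return bytes.fromhex("0000" + pan[-13:-1])


def encode_format0(pin: str, pan: str) -> bytes:
    """Clear ISO 9564 format 0 block: (0, length, PIN, F-fill) XOR PAN field."""
    if not (4 <= len(pin) <= 12) or not pin.isdigit():
        raise ValueError("PIN must be 4 to 12 digits")
    pin_field = bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))
    return bytes(a ^ b for a, b in zip(pin_field, pan_field(pan)))


def decode_format0(block: bytes, pan: str) -> str:
    """Recover the PIN from a clear format 0 block; a block built for another PAN is rejected."""
    nibbles = bytes(a ^ b for a, b in zip(block, pan_field(pan))).hex().upper()
    n = int(nibbles[1], 16)
    if nibbles[0] != "0" or not (4 <= n <= 12) or nibbles[2 + n:] != "F" * (14 - n):
        raise ValueError("not a valid ISO format 0 PIN block for this PAN")
    return nibbles[2:2 + n]


def is_valid_format0(block: bytes, pan: str) -> bool:
    """True when the block decodes cleanly under the given PAN (padding nibbles all F)."""
    try:
        decode_format0(block, pan)
        return True
    except ValueError:
        return False


def encode_format1(pin: str) -> bytes:
    """Clear ISO 9564 format 1 block: (1, length, PIN, random hex fill); PAN-independent."""
    fill = os.urandom(8).hex().upper()
    return bytes.fromhex((f"1{len(pin):X}{pin}" + fill)[:16])


def decode_format1(block: bytes) -> str:
    nibbles = block.hex().upper()
    if nibbles[0] != "1":
        raise ValueError("not an ISO format 1 PIN block")
    return nibbles[2:2 + int(nibbles[1], 16)]


def translate_format0_to_1(block: bytes, pan: str) -> bytes:
    """Reformatting step of a PIN block translation. Inside a payment HSM this runs only after
    decrypting under the incoming zone key and before re-encrypting under the outgoing key,
    so the clear PIN never leaves the tamper-resistant boundary."""
    return encode_format1(decode_format0(block, pan))
```

The PAN binding in format 0 is why a network switch must pass the PAN alongside the encrypted block: the HSM needs it to validate the padding and to re-bind the PIN to the next zone's format.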

Related Articles

  • Thales Payment HSMs
  • payShield 9000
  • payShield 9000 Data Sheet
  • HSM Security Overview