Data Security & Data Communication
The Payment Card Industry Hardware Security Module (PCI HSM) specification defines a set of logical and physical security compliance standards for HSMs specifically for the payments industry. The payShield 9000 HSM from Thales e-Security was one of the first HSMs to be successfully validated against the PCI HSM standard.
HSMs play a critical role in securing payment transactions, so it is essential that the HSMs themselves are kept secure throughout their lifecycle—from manufacturing and shipment to operation and decommissioning. The PCI HSM compliance certification standard provides HSM vendors with a strict set of security requirements and a rigorous process for having platforms assessed against these requirements.
PCI HSM compliance certification is increasingly becoming a fundamental requirement for various payment processes, including PIN processing, card verification, card production, ATM interchange, cash-card reloading and key generation.
The payShield 9000 HSM has feature-rich software certified to the PCI HSM standard. It addresses all the processes below and more.
To be PCI HSM compliant, a platform must address the following physical security requirements:
- Tamper-detection and response mechanisms
- Resilience to abnormal environmental and operating conditions
- Protection of sensitive data within the device
- Preventing disclosure of sensitive information by external monitoring techniques
- Protection of cryptographic keys inside the device, even if the security boundary is breached
Software and Settings
HSM software, configuration and management must address the following logical security requirements:
- Resilience against unexpected command sequences or operating modes
- Secure firmware management
- Strong authentication prior to running sensitive services
- Secure key management and key separation to prevent misuse and eliminate cleartext exposure of sensitive data and PINs
- Secure audit trail
The HSM vendor is required to provide evidence to the PCI HSM evaluation team that effective processes are in place to ensure that the HSM is secured at all times, from the time of manufacture to packaging and shipment to the end user.