Thales e-Security Payment HSM

The scalable payShield 9000 is the most widely deployed payment HSM in the world, used in an estimated 80% of all payment card transactions.

payShield 9000

Designed specifically for payment applications, payShield 9000 from Thales e-Security is a proven hardware security module (HSM) that performs such tasks as PIN protection and validation, transaction processing, mobile and payment card issuance, and key management. The payShield 9000 payment HSM solution delivers high assurance protection for automated teller machine (ATM) and point of sale (POS) credit and debit card transactions.

Payment HSM
Leverage Proven Capabilities

Delivers comprehensive, certified security specially designed for card issuing, mobile provisioning and payment transaction processing. Provides off-the-shelf support for all major payment applications.

Reduce Compliance Costs

Streamlines deployment and maintenance and reduces the cost of compliance. Features software options and a flexible platform tailored to issuers, processors and acquirers.

Maximize Resilience

Ensures maximum business continuity, offering redundant hardware, field serviceable components and support for clustering and failover.

Cryptographic Algorithms Supported

Symmetric

  • DES and Triple DES (key lengths 112 bit, 168 bit)
  • AES (key lengths 128 bit, 192 bit, 256 bit)

Asymmetric

  • RSA (key lengths up to 4096 bit)

Hashing

  • MD1
  • SHA-1
  • SHA-2
Certifications
  • FIPS 140-2 level 3
  • PCI HSM V1 (selected configurations only)
  • APCA
  • MEPS
Key Management Support
  • Thales Key Block (compliant with ANSI X9.24; superset of X9 TR-31)
  • X9 TR-31 Key Block
  • RSA Public Key
  • DUKPT for PIN and data encryption
  • Master/Session Key Scheme
  • Racal Transaction Key Scheme
  • AS2805
Base Software Packages

Thales e-Security provides a selection of base software packages that are closely aligned with customer deployment and usage requirements.

Optional Software Licenses

In addition to the base software package, you can add more functions through a series of optional licenses, which can be purchased independently and installed at any time throughout the product lifecycle.

Performance Updates

As transaction volumes grow, you can deploy additional HSMs to meet higher load requirements. You can also purchase a performance upgrade for an existing HSM.

Remote Management

Each payShield HSM can be managed remotely via the purchase of a dedicated optional license, helping to reduce operating costs.

Key Management Device (KMD)

The KMD is a standalone handheld device that builds keys from constituent components. The device operates in a highly secure manner, and eliminates the need to have a physical connection to a production HSM.

Cabinets and Runner Kits

Customers can choose from a wide range of cabinets to suit their specific data center storage requirements. Optional runners are available as kits to fit to the sides of the payShield 9000.

Replacement Locks and Keys

payShield 9000 uses two highly secure locks with associated keys on the front panel as part of the security administration procedures. The items are tightly controlled and registered and are not available on the open market. In the event customers' locks are damaged or keys are lost, Thales provides lock replacement and key supply services.

Additional Smart Cards

Each payShield 9000 is shipped with a set of blank LMK component cards as well as test LMK cards. Additional packs of 6 cards are available, helping you meet operational and security requirements across multiple data centers.

Data Sheet : payShield 9000

Thales payShield 9000 is a hardware security (HSM) payment module that provides the cryptographic protection required for ATM, point of sale (POS), credit and debit card issuance, and processing Of transactions. Encryption and management functionality meets or exceeds the operational and security requirements of the major international card system, including American Express, Discover, JCB, MasterCard, UnionPay and Visa. It is deployed as an external peripheral for mainframes and servers running card issuance applications, mobile platform provisioning, and payment processing software for the electronic payment industry.

Download

Data Sheet : Key Management Device

The Thales e-Security Key Management Device (KMD) for payment HSMs is a compact tamper-resistant security module (TRSM) that enables keys to be formed securely from separate components in a manner that is compliant with relevant security standards including X9 TR-39, ANSI X9.24-1 and PCI PIN Security. With its touch screen graphical user interface, the KMD is simple and intuitive to operate, and is compatible with the full range of Thales payment HSMs including the award-winning payShield 9000. The device configuration and management user interface complies with banking grade security best practices and the installed software is automatically validated for integrity prior to use. Upgrades are supported to meet future functional enhancements and security audit requirements.

Download

Data Sheet : payShield Manager

payShield Manager enables security teams to perform all tasks remote from data centers, reducing costs and delivering greater operational efficiency. payShield Manager is a hardware security module (HSM) management tool specifically designed for the Thales payShield 9000 HSM that operates in both local and remote modes via a standard browser interface. A secure connection to the HSM underpinned by smart card access control enables key management, security configuration and software/license updates to be carried out remotely from the data center.

Download

Case study : CreditCall

CreditCall, a leading payment gateway service provider, saw a huge opportunity to reach a new market with an innovative, mobile point-ofsale (POS) credit card payment technology. In years past, it was difficult for certain types of merchants to utilize mobile POS systems. The technology was expensive – smaller merchants often couldn’t afford the costs or want the long term contractual commitments. Traditional POS equipment requires a physical network connection meaning merchants who provided products or services away from an office or retail location were forced to either operate on a cash basis, missing out on the convenience and security that credit card payments offered, or rent expensive and bulky GPRS terminals. With the enormous popularity of mobile devices, CreditCall envisioned an opportunity to bring face-to-face card payment solutions to a whole new category of smaller businesses and micro-merchants by incorporating portable, low cost card reader devices that could connect wirelessly via (merchant-owned) tablets and smartphones to remote payment gateways. Mobile businesses like gardeners, plumbers and electricians could now accept credit card payments on-site at their customers’ homes. This solution now stands to replace conventional POS systems in certain environments, with low cost readers and mobile device-based application software. This significantly reduces cost and complexity, paving the way for widespread adoption by all types of merchants, not just micro-merchants.

Download

Case study : Mint Payments

With the decline of cash payments, merchants of all sizes are increasingly looking for a flexible, cost effective and secure payments solution to accept EFTPOS (electronic funds transfer at point of sale) and credit card transactions on the go. It is no longer just the established bank acquirers and third party processors that want to offer card-based payment solutions to merchants, with telcos and other service providers looking to integrate card payments into their solutions or expand their current offerings. Together with the increasing desire for integrators to develop payment functions into their mobile apps, a solution supporting secure card acceptance without the traditional merchant POS device installation, configuration and security audit complexity is urgently needed.

Download

Case study : Royal Gate

ROYALGATE, saw a tremendous market opportunity. The trend towards flexibility and mobility was clear – it wasn’t just micro-merchants, doorto-door salesmen and mobile businesses that wanted flexibility to accept card payments anywhere. Larger businesses like restaurants, retail sites and events companies were looking to add value and improve customer service by moving payment transactions away from traditional cashier scenarios and to wherever the customer wanted to pay.

Download

Case study : Swiftch

Swiftch, a nimble start-up company, saw an opportunity to be a part of this cashless society by providing innovative, simple and secure card-based acceptance solutions to all levels of merchants and acquirers. The biggest challenge was to choose an industry leading partner who would be able to assist in delivering a flexible, secure and scalable hardware infrastructure, compliant with the stringent Payment Card Industry Data Security Standard (PCI DSS) security requirements.

Download

Solution brief : Miura

Mobile payment card acceptance solution using Miura Shuttle and Thales payShield 9000. The Thales payShield 9000 HSM is used by the PSP to provide a card scheme certified method for remotely deploying the cryptographic keys required by the Miura Shuttle device for PIN and data encryption and to perform the secure decryption of the payment transaction data prior to onward transmission to the acquirer.

Download

Solution brief : Proxama

Learn how Proxama and Thales simplify NFC payment provisioning and transaction processing while retaining maximum control through Host Card Emulation (HCE) and tokenization. Proxama provides issuers with the flexibility to either enable NFC payment functions in an existing mobile app or wallet, such as mobile banking using Proxama’s HCE Kernel, or to use the Proxama development service to create a bespoke payment app or wallet. The Proxama system uses Thales payShield 9000 HSMs to secure communications with the mobile device to guarantee that the credentials necessary to perform transactions are protected at all times during the delivery and replenishment processes.

Download

Solution brief : Verisoft

Learn how to balance risk and security in mobile payments Build and deploy a complete end-to-end HCE ecosystem quickly and securely with a hardened root of trust. Thales payShield HSM integrates with D8 HCE Server to ensure encryption and secure storage of the keys used to generate EMV cryptograms for issued tokens. - Cover the complete end-to-end ecosystem for HCE-based payments - Separate mobile and card PANs in common customer accounts - Leverage Google Play store for mobile application downloads - Use certified HSMs throughout system to deliver maximum key protection.

Download

Посмотрите интерактивное демо Подробнее
Записаться на демо Записаться
Свяжитесь со специалистом Свяжитесь с нами