As organizations look to meet their world-class security and cloud integration needs, what should they be looking for? We offer 10 questions to ask before migrating your payment HSM. These questions will help organizations evaluate solutions to address pain points, on-premises and cloud strategies, scalability issues, and general purpose vs. payments requirements.
FIPS 140-2 Level 3-validated HSMs provide the cryptographic power needed for critical infrastructures to secure every transaction at the point of sale, behind the cash register, and in the cloud. With customers’ sensitive financial data at stake, it’s vital that the payment processing infrastructure combines world-class security with world-class performance.
But let’s face it, cryptographic key management can be challenging.
The Importance of Future-Proofing
“At the end of the day, organizations want to improve their data security,” writes Ryan Smith, vice president, global business development, at Futurex, in his Infosecurity Magazine article, Challenges and Future Trends in Cryptography. “Many organizations have been taking a minimalist approach to their key management until recently. As organizations grow, many find it challenging to build out their cryptographic architecture to manage PKI, identity management, and data at rest. They must untwine some bad habits, particularly concerning key and certificate management, to build for today but also plan for tomorrow.”
Common cryptography challenges facing organizations:
- Laborious in-person key management
- No cloud migration strategy
- Legacy payment HSM environments
- Managing large groups of HSMs in different locations
- Supply chain issues
The biggest question on many organizations’ minds concerns cloud strategy. Banks, credit unions, transaction processors, and acquirers all need to process and manage sensitive financial data at scale, so they are inevitably looking to the cloud for everything they do on-premises (and more), including:
Transaction Acquiring:
- CVV generation and validation
- EMV validation
- Mobile payment acceptance
- PIN translation and verification
- Payment key management
- MAC generation and verification
Card and Mobile Issuing:
- EMV key generation & derivation
- Online and mobile PIN management
- Mobile token issuance (Apple Pay, Google Pay, Samsung Pay, and host card emulation tokens)
- PIN and offset generation
Point-to-Point Encryption:
- Cardholder data decryption
- Cardholder data translation
- Point-to-point encryption key management
Additionally, when migrating or upgrading HSMs, organizations must look for “always on, always available” features (also referred to as high availability) for their high-volume financial transaction processing and nth degree of throughput scalability. “The vital role of encryption requires that cryptographic infrastructures be built on a high availability architecture,” notes Futurex’s Adam Cason, vice president of global and strategic alliances, in his ISACA article, Why Cryptographic Infrastructures Require High Availability.
Innovation at the Core
In the HSM space, Futurex was named a leader in hardware security modules by ABI Research, offering the first solution to combine both general purpose and payments functionality on one server, as well as being the first to design a completely cryptographic environment for cloud HSM infrastructures. Learn more about Futurex’s VirtuCrypt Cloud Payment HSM, a finalist in Fintech Finance Awards 2021 “Invisible Security” category and featured in The Green Sheet’s Improve your security posture with cloud cryptography.
This is the third blog post in a series of three on migrating your HSM. Read the first blog post: Time to Migrate Your HSM? Look for World-Class Security, Performance, and Cloud Scalability Flexibility. Read the second blog post: Cloud HSMs: “Anywhere Infrastructure” is in Demand.