Freeing from the On-Premises “Ball and Chain”

Financial services organizations have faced hurdles moving their payment application workloads to the cloud, in part because on-premises hardware security modules (HSMs) have felt like a “ball and chain.” Since the use of physical payment HSMs is mandated by payment and security regulations, financial services providers and retailers have long viewed on-premises HSMs as the only way to ensure compliance. It’s tough to make the move to the cloud when the critical portion of infrastructure is on-premises.

But what if you could ditch that ball and chain without missing a beat and maintain compliance? It might sound a bit improbable, especially as payment HSMs are the security backbone of encryption and key management: handling the security of every transaction processed, validating credit cards, and encrypting and decrypting sensitive data. For years, Futurex HSMs have provided the critical cryptographic infrastructure the financial industry requires to enable secure, scalable commerce around the world.

Next-Generation Financial Security Is in the Cloud

While on-premises computing will likely have a long tail, the future is pointing to the cloud. And that where our next generation of cloud payment HSMs come in. They provide everything you need for meeting regulatory requirements, securing payment processing, and managing your entire cryptographic infrastructure entirely in the cloud. Goodbye ball and chain.

Making payment applications easier to integrate with HSMs is the next step to expanding the use of payment applications in the cloud. With the industry’s first web API for payment HSMs, developers can now more easily integrate their payment applications with Futurex’s enterprise encryption and key management technology, including Futurex’s VirtuCrypt cloud payment HSMs.

Consider how native cloud payment HSMs plus native cloud payment applications are integral to next-generation financial processing:

• Financial transaction acquiring. All types of ecommerce, including PIN, CVV, and EMV validation, MAC generation, mobile payment acceptance
• Card and mobile issuance. Mobile payment issuance, online and mobile PIN management
• Point-to-Point Encryption (P2PE). Cardholder data decryption, encryption, and translation

Payment Applications Already in the Cloud

Payment applications can easily be offloaded to the cloud — think financial acquiring, financial issuing, P2PE — while meeting security and payment compliance requirements such as FIPS 140-2 validation, PCI DSS, PCI P2PE, and PCI PIN. The cloud enables faster development and deployment — with less overhead — and the ability to easily scale globally.

Why is payment processing in the cloud so important? Shrey Rastogi, with Temenos, explains in FinExtra: “A vendor’s cloud applications must be able to talk seamlessly with the rest of the bank’s systems — something that is truer for payments than for any other service. This is because payment solutions need to be connected across all customer channels and the bank’s key systems — from fraud and anti-money laundering to core banking and analytics platforms.”

The financial industry is undergoing a strategic transformation, with all signs pointing to the cloud. Those who have taken steps forward to manage their critical payment applications and workloads in the cloud are at an advantage. Is it time to evaluate your cryptographic infrastructure and cloud payment strategy?

Schedule a meeting with one of our crypto solutions architects today.