
Do VirtuCrypt Cloud Services meet compliance requirements?

Payment HSM environments must meet a range of compliance requirements. Adherence to these requirements is typically the responsibility of the financial institution or transaction processor, but when cloud HSMs are deployed, the cloud services provider bears the responsibility.

VirtuCrypt Environment Certifications

VirtuCrypt services undergo annual audits to ensure that all environmental compliance and certification requirements are met and maintained. These standards include the Payment Card Industry Data Security Standard (PCI DSS) and PCI PIN Transaction Security requirements (PTS).

  • PCI DSS is a set of standards and requirements used to protect cardholder data at rest, in transit, and in use. It addresses both technical requirements and operational policies and procedures.
  • PCI PTS is a set of standards and requirements that must be followed in environments accepting PIN-based payment transactions. PCI HSM requirements are managed within the overall standard of PCI PTS.

Compliance with PCI standards is enforced by the five major payment card brands that established the Payment Card Industry Security Standards Council: American Express, Discover, JCB, Mastercard, and Visa.

The full list of environment certifications and standards met by VirtuCrypt:

  • PCI P2PE – Decryption Management Component – Reference # 2017-01115.001
  • PCI DSS – Performed by External Assessor
  • PCI PIN – Performed by External Assessor
  • Visa Approved Service Provider – ESO, Merchant Servicer, TPS-PIN
  • Acquirer/issuer specific validations

Futurex Hardware Certifications

As previously mentioned, the VirtuCrypt cloud is powered by a vast array of Futurex hardware security modules, key management servers, and other technologies regionally distributed across highly secured data centers. All Futurex HSMs within the VirtuCrypt services are FIPS 140-2 Level 3-validated Secure Cryptographic Devices and are compliant with Payment Card Industry (PCI) and ASC X9.24 Part 1 and Part 2 requirements.

  • FIPS 140-2 Level 3, certificate number 3373 for the GSP3000 cryptographic module
  • PCI HSM, approval number 4-10219 for the GSP3000 cryptographic module and 4-10230