Skip to main content

Do VirtuCrypt Cloud Services meet compliance requirements?

Payment HSM environments are responsible for meeting a range of compliance requirements. Adherence to these requirements is typically the responsibility of the financial institution or transaction processor, but when deploying cloud HSMs, the cloud services provider bears the responsibility.

VirtuCrypt Environment Certifications

VirtuCrypt services undergo annual audits to ensure that all environmental compliance and certification requirements are met and maintained. These standards include the Payment Card Industry Data Security Standard (PCI DSS) and PCI PIN Transaction Security requirements (PTS).

  • PCI DSS is a set of standards and requirements used to protect cardholder data at rest, in transit, and in use. It addresses both technical requirements and operational policies and procedures.
  • PCI PTS is a set of standards and requirements that must be followed in environments accepting PIN-based payment transactions. PCI HSM requirements are managed within the overall standard of PCI PTS.

Compliance with PCI standards is enforced by the five major payment card brands who established the Payment Card Industry Security Standards Council, including American Express, Discover, JCB, Mastercard, and Visa.

A full list of environment certifications and standards met by VirtuCrypt is listed here:

  • PCI P2PE – Decryption Management Component – Reference # 2017-01115.001
  • PCI DSS – Performed by External Assessor
  • PCI PIN – Performed by External Assessor
  • Visa Approved Service Provider – ESO, Merchant Servicer, TPS-PIN
  • Acquirer/issuer specific validations
Futurex Hardware Certifications

As previously mentioned, the VirtuCrypt cloud is powered by a vast array of Futurex hardware security modules, key management servers and other technologies regionally distributed across highly secured data centers. All Futurex HSMs within its VirtuCrypt services are FIPS 140-2 Level 3-validated Secure Cryptographic Devices and are compliant with Payment Card Industry (PCI), and ASC X9.24 Part 1 and 2 requirements.

  • FIPS 140-2 Level 3, certificate number 3373 for the GSP3000 cryptographic module
  • PCI HSM, approval number 4-10219 for the GSP3000 cryptographic module and 4-10230
Securing the world's most sensitive data.
Request Demo ▸