Skip to main content

Does Futurex’s VirtuCrypt Cloud HSM meet compliance requirements?

HSM environments must meet a range of compliance requirements. Adherence to these requirements is typically the responsibility of the company or transaction processor, but when deploying cloud HSMs, the cloud services provider bears the responsibility.

VirtuCrypt Environment Certifications

VirtuCrypt services undergo annual audits to ensure that all environmental compliance and certification requirements are maintained. These standards include the Payment Card Industry Data Security Standard (PCI DSS) and PCI PIN Transaction Security requirements (PTS).

  • PCI DSS is a set of standards and requirements used to protect cardholder data at rest, in transit, and in use. It addresses both technical requirements and operational policies and procedures.
  • PCI PTS is a set of standards and requirements that must be followed in environments accepting PIN-based payment transactions. PCI HSM requirements are managed within the overall standard of PCI PTS.

Compliance with PCI standards is enforced by the five major payment card brands who established the Payment Card Industry Security Standards Council (PCI SSC), including American Express, Discover, JCB, Mastercard, and Visa.

A full list of environment certifications and standards met by VirtuCrypt is listed here:

  • PCI P2PE – Decryption Management Component – Reference # 2017-01115.001
  • PCI DSS – Performed by External Assessor
  • PCI PIN – Performed by External Assessor
  • Visa Approved Service Provider – ESO, Merchant Servicer, TPS-PIN
  • Acquirer/issuer specific validations
Futurex Hardware Certifications

As previously mentioned, the VirtuCrypt cloud is powered by a vast array of Futurex HSMs, key management servers, and other technologies regionally distributed across highly secure data centers. All Futurex HSMs within VirtuCrypt services are FIPS 140-2 Level 3-validated secure cryptographic devices (SCDs) and are compliant with PCI, and ASC X9.24 Part 1 and 2 requirements.

  • FIPS 140-2 Level 3, certificate number 3373 for the GSP3000 cryptographic module
  • PCI HSM, approval number 4-10219 for the GSP3000 cryptographic module and 4-10230
Securing the world's most sensitive data.
Request Demo ▸