Skip to main content

How are cloud payment HSMs used for payment acquiring?

PIN Translation & Verification

Organizations can configure VirtuCrypt cloud payment HSMs to translate and validate PIN blocks. The cloud payment HSMs execute the translation commands needed to prepare PIN blocks for each transaction zone. These commands include:

  • TPIN: Translate PIN blocks from one key to another
  • TPIN IBM: Translate the incoming PIN block encrypted via the IBM 4736 ATM algorithm
  • TPIN DUKPT: Allows the incoming DUKPT encrypted PIN block to be translated under an outgoing key

Like PIN translation, VirtuCrypt cloud payment HSMs support a variety of PIN verification methods including Visa, NCR, Diebold, ICM 3624, and IBM 4736 and can be configured to operate with offline & online PIN solutions.

EMV Validation

EMV (originally Europay, Mastercard, and Visa) has become the standard when issuing payment cards. As such, financial organizations must continue to expand their capabilities to effectively manage EMV validation & response. Organizations can offload EMV authorization request (ARQC) validation & response generation (ARPC) to cloud payment HSMs to quickly receive validation of EMV card transactions prior to approving funds for a purchase.

MAC Generation & Verification

You can eliminate the complexity and risk of key management by centralizing authorization processes into VirtuCrypt. Ensure strong data integrity and authenticity by generating and verifying message authentication code (MAC) in cloud HSMs specifically configured for the payments industry.

Our cloud payment HSMs can be configured to:

  • Generate standard, DUKPT, or hashed messaging code
  • Generate ISO Variant 3, or HMAC and PBKDF2 obfuscated value
  • Verify standard MAC and MAC using DUKPT
  • Generate & verify cipher-based MAC (CMAC)
Key Management & Derivation

Proper encryption key management for network keys is vital to any payment processing environment. VirtuCrypt’s next-generation cloud payment HSMs support a range of features used for these purposes:

  • Network key exchange under a common Key Exchange Key (KEK)
  • Key translation between a range of formats
  • Key derivation for a variety of methods including DUKPT & ISO 800-108 recommended methods (Counter, Feedback, and Double-Pipeline Iteration)
  • Mastercard On Behalf Key Management (OBKM)
CVV Generation & Validation

Organizations can securely validate card security codes (CVC, CVV, CVC2, CSC) from major payment providers including Visa, MasterCard, Discover and American Express with next-gen cloud payment HSMs. Administrators can appropriately configure cloud HSMs to generate and verify specific types of verification codes through API commands.

  • Card Identification Number (CID)
  • Card Security Code (CSC)
  • Card Validation Code (CVC & CVC2)
  • Card Verification Data (CVD)
  • Card Verification Value (CVV)

VirtuCrypt cloud payment HSMs can also be configured to validate CVVs with set validation conditions. Configurable conditions include output length, card verification key referencing, compatibility modes, and other functions.

Mobile Payments Acceptance

VirtuCrypt cloud payment HSMs support Google Pay, Apple Pay, and Samsung Pay.

The services related to mobile payments include:

  • Decrypting Apple Pay, Google Pay, Samsung Pay tokens
  • Generating Host Card Emulation (HCE) mobile cryptograms, magstripe verification values, and mobile keys
  • Verifying HCE mobile cryptograms and magstripe verification values
Securing the world's most sensitive data.
Request Demo ▸