Question 1

What is the role of payment HSMs?

Futurex · Accepted Answer

Payment HSM utilization is typically split into two main categories: payment acquiring, and card and mobile issuing. Point-to-point encryption is an important part of payment acquiring.

Payment Acquiring

Payment acquiring is how merchants and banks process transactions, either through traditional card-based transactions or mobile payments.

PIN (translation and verification)

3DES and AES PIN blocks
All PIN validation methods (ISO 8583, Visa, and many others)

CVV generation and validation

All card brands (Visa, MasterCard, Amex, Discover, and others)
All variations (CVV, CVV2, CVC, CVC2, Dynamic CVV, etc.)

EMV validation

ARQC validation and ARPC generation
All current and past key derivation methods

Message Authentication Code (MAC) generation and verification

ISO 9797 Part 3 (financial MAC)
CMAC

Key management

Network key exchange
Key derivation methods (DUKPT, ISO 800-108)

Mobile payment acceptance

Google Pay, Apple Pay, and Samsung Pay token acceptance

Card and Mobile Issuing

Card and mobile issuing refers to how banks issue payment cards and provisioning mobile payment tokens.

PIN (PIN & offset generation)

IBM 3624, Visa, Diebold

Online & mobile PIN management

Supports translating PIN from RSA to symmetric PIN block
Asymmetric cryptography for mobile app integration

EMV key generation & derivation

Supports card personalization and data preparation
All current and past key derivation methods

Mobile payment token issuance

Google Pay, Apple Pay, and Samsung Pay token issuance

Due to PCI regulatory requirements, acquiring and issuing processes are typically carried out in separate HSMs. This restriction does not apply to organizations beyond the scope of PCI, however.

Point-to-Point Encryption (P2PE)

P2PE is a compliance standard developed by the PCI Security Standards Council. The P2PE standard is the framework by which organizations encrypt card data as soon as it is captured by a payment terminal. It is a function of payment acquiring. Doing so avoids sending card data "in the clear" through merchant networks, increasing data security in general.

Cardholder data decryption

Supports 3DES and AES P2PE
Supports multiple key derivation method, including DUKPT
Supports Format Preserving Encryption, including VAES and BPS

Cardholder data translation

Supports translating to processor-specific data formats
Supports multiple cipher translations

Point-to-Point Encryption key management

Full point-to-point key management lifecycle supported, including distribution to relevant entities

Question 2

What is the role of payment HSMs?

Futurex · Accepted Answer

Payment HSM utilization is typically split into two main categories: payment acquiring, and card and mobile issuing. Point-to-point encryption is an important part of payment acquiring.

Payment Acquiring

Payment acquiring is how merchants and banks process transactions, either through traditional card-based transactions or mobile payments.

PIN (translation and verification)

3DES and AES PIN blocks
All PIN validation methods (ISO 8583, Visa, and many others)

CVV generation and validation

All card brands (Visa, MasterCard, Amex, Discover, and others)
All variations (CVV, CVV2, CVC, CVC2, Dynamic CVV, etc.)

EMV validation

ARQC validation and ARPC generation
All current and past key derivation methods

Message Authentication Code (MAC) generation and verification

ISO 9797 Part 3 (financial MAC)
CMAC

Key management

Network key exchange
Key derivation methods (DUKPT, ISO 800-108)

Mobile payment acceptance

Google Pay, Apple Pay, and Samsung Pay token acceptance

Card and Mobile Issuing

Card and mobile issuing refers to how banks issue payment cards and provisioning mobile payment tokens.

PIN (PIN & offset generation)

IBM 3624, Visa, Diebold

Online & mobile PIN management

Supports translating PIN from RSA to symmetric PIN block
Asymmetric cryptography for mobile app integration

EMV key generation & derivation

Supports card personalization and data preparation
All current and past key derivation methods

Mobile payment token issuance

Google Pay, Apple Pay, and Samsung Pay token issuance

Due to PCI regulatory requirements, acquiring and issuing processes are typically carried out in separate HSMs. This restriction does not apply to organizations beyond the scope of PCI, however.

Point-to-Point Encryption (P2PE)

P2PE is a compliance standard developed by the PCI Security Standards Council. The P2PE standard is the framework by which organizations encrypt card data as soon as it is captured by a payment terminal. It is a function of payment acquiring. Doing so avoids sending card data "in the clear" through merchant networks, increasing data security in general.

Cardholder data decryption

Supports 3DES and AES P2PE
Supports multiple key derivation method, including DUKPT
Supports Format Preserving Encryption, including VAES and BPS

Cardholder data translation

Supports translating to processor-specific data formats
Supports multiple cipher translations

Point-to-Point Encryption key management

Full point-to-point key management lifecycle supported, including distribution to relevant entities

What is the role of payment HSMs?

What is the role of payment HSMs?

Payment Acquiring

PIN (translation and verification)

CVV generation and validation

EMV validation

Message Authentication Code (MAC) generation and verification

Key management

Mobile payment acceptance

Card and Mobile Issuing

PIN (PIN & offset generation)

Online & mobile PIN management

EMV key generation & derivation

Mobile payment token issuance

Point-to-Point Encryption (P2PE)

Cardholder data decryption

Cardholder data translation

Point-to-Point Encryption key management

Products

Solutions

Follow us on social media

Contact us

Join our team

Stay in the know

Log in to the portal

Privacy & terms

Newsletter signup

Recent news