What is a Payment Hardware Security Module (HSM)?
A payment HSM is a hardened, tamper-resistant hardware device used primarily by the retail banking industry. It provides high levels of protection for the cryptographic keys and customer PINs used during the issuance of magnetic stripe and EMV chip cards (and their mobile application equivalents) and the subsequent processing of credit and debit card payment transactions. Payment HSMs normally provide native cryptographic support for all the major card scheme payment applications. They undergo rigorous independent hardware certification under global schemes such as FIPS 140-2 and PCI HSM, as well as additional regional security requirements such as MEPS in France and APCA in Australia.
A root of trust is the foundation of a cryptographic system. Digital security depends on cryptographic keys that encrypt and decrypt data and perform functions such as signing and verifying signatures. Ensuring the integrity of those keys and of the cryptographic functions within a secure environment such as an HSM is paramount.
Some common use cases for payment HSMs in the payments ecosystem include:
- PIN generation, management and validation
- PIN block translation during the network switching of ATM and POS transactions
- Card validation: card user and cryptogram validation during payment transaction processing
- Payment credential issuing for payment cards and mobile applications
- Point-to-point encryption (P2PE) key management and secure data decryption
- Sharing keys securely with third parties to facilitate secure communications