Payment Cryptography infrastructure, based mainly around Payment Hardware Security (HSM) Modules, continues to be a crucial element in digital and face-to-face payments worldwide. However, the acquisition, setup, operation and maintenance of this infrastructure has for many years involved considerable costs and effort from financial organizations. Some of the main issues related to this old infrastructure model relate to a lack of flexibility to incorporate new environments and applications, crippling complexity, substantial compliance overheads and a slow, expensive and wasteful scalability setup to cope with growing demand and operation peaks.
VERISEC 10XPAY is Payment Cryptography as a Service that provides all the functionality of a Payment HSM on a Cloud-only setup, that allows financial entities — from very large banks and payment processors, to Fintechs and startups to securely validate and process all kinds of digital and electronic payments. While experiencing the simplicity, scalability, flexibility, low-overheads, among many other benefits that organizations have now come to expect from state-of-the-art Cloud services. All this within a fully compliant PCI DSS, PCI PTS PIN, PCI P2PE environment.
Payment Cryptography as a Service allows financial entities to automatically cater for the constant increase in payment processing volumes and weather any expected or unexpected demand peaks, such as Black Friday, Holidays, etc. Without the need to keep acquiring more and more fixed on-prem infrastructure that would then be wasted for most of the time.
Payment Cryptography as a Service allows financial entities of all types and sizes to substantially reduce the scope of their Compliance requirements, and the effort required from their teams to meet them. The service is already fully PCI DSS, PCI PTS PIN and PCI P2PE compliant and reports can be simply downloaded directly from a secure customer portal, ready to be integrated into any audit framework an organization is using. And with new local and global standards being added constantly.
Payment Cryptography as a Service allows financial entities of all types and sizes to have full control of their Cryptographic Keys, crucial for all payment processes, through a fully resilient Cloud-based API service and a user-friendly Secure Customer Portal, all PCI DSS, PCI PTS PIN and PCI P2PE compliant. Practically eliminating the complexity related to Key Management in on-prem Hardware Security infrastructure, achieving operational efficiencies and reducing the risk for costly outages.
Payment Cryptography as a Service allows financial entities of all types and sizes to connect any Application and/or environment (Prod, Dev, QA, etc) with any interface they require (TCP, RESt API, etc), and with any Cryptographic Keys, command lists, firmware versions or security and configuration settings they would need to test or use by simply enabling this from the service’s secure customer portal. Without the need to setup any new infra or connectivity, all in a matter of minutes.
Payment Cryptography as a Service allows financial entities to keep full control over their critical Cryptographic keys in a simple and secure way, using the Verisec 10XPAY Secure Customer Portal and the PCI-certified Verisec 10XPAY Key Loading Device terminal. All this within a PCI compliant framework and without the need for customers to give up any control over those keys and having them encrypted under other keys in the exclusive control of the Service Provider or other third parties, with all the resulting possible administrative, compliance, security and operational complications and problems this entails.
Payment Cryptography as a Service allows financial entities to make any required changes and adjustments to the Authorized Activities and Commands, along with other settings of their Payment Cryptography setup, including the upload, enabling/disabling of Cryptographic Keys without the risk of interrupting continuous service to payment applications. With no requirement for complicated checklists and protocols and device state changes and visits to dark data centers with esoteric-looking physical keys.
Payment Cryptography as a Service allows financial entities to continue using their current Keys from their current Payment HSM setups without the need of any risky “big bang” migrations involving the issuing of new keys, this through a real Bring Your Own Key (BYOK) scheme. And then once the keys are in the service, the periodical mandatory rotations that are required by many card schemes and others can be easily achieved, either through the Secure Customer portal or using the PCI PIN certified Key Loading Device (KLD) for secure key injections.
Payment Cryptography as a Service allows financial entities to easily download their Cryptographic keys in a simple and secure way, and if they choose to, also fully and safely remove them from the service. All of this within a PCI compliant framework. Even though we work hard to make sure our customers don’t leave the service, we understand that their Keys are theirs and they are entitled to proceed with them as they wish and we provide them with tool required to do so, either through our secure Customer Portal and the Key Loading Device terminal.