VERISEC | 10XPAY: THE NEW ERA OF PAYMENT SECURITY

Payment Cryptography infrastructure, based mainly around Payment Hardware Security (HSM) Modules, continues to be a crucial element in digital and face-to-face payments worldwide. However, the acquisition, setup, operation and maintenance of this infrastructure has for many years involved considerable costs and effort from financial organizations. Some of the main issues related to this old infrastructure model relate to a lack of flexibility to incorporate new environments and applications, crippling complexity, substantial compliance overheads and a slow, expensive and wasteful scalability setup to cope with growing demand and operation peaks.

stop living in the upside down

VERISEC 10XPAY is Payment Cryptography as a Service that provides all the functionality of a Payment HSM on a Cloud-only setup, that allows financial entities — from very large banks and payment processors, to Fintechs and startups to securely validate and process all kinds of digital and electronic payments. While experiencing the simplicity, scalability, flexibility, low-overheads, among many other benefits that organizations have now come to expect from state-of-the-art Cloud services. All this within a fully compliant PCI DSS, PCI PTS PIN, PCI P2PE environment.  

TURN UP FOR A NEW ERA IN PAYMENT CRYPTOGRAPHY

SCALABLE
Enable automatic on-demand escalibilty to cater for any peaks with one click

Escaling Payment Cryptography infra to cater for growing demand has been a steep climb for too long

scalable

Payment Cryptography as a Service allows financial entities to automatically cater for the constant increase in payment processing volumes and weather any expected or unexpected demand peaks, such as Black Friday, Holidays, etc. Without the need to keep acquiring more and more fixed on-prem infrastructure that would then be wasted for most of the time. 

Full control of your Crypto infra compliance with one click

Ever-growing Compliance requirements related to Payment Cryptography infra keep swamping admin teams

ComplianT

Payment Cryptography as a Service allows financial entities of all types and sizes to substantially reduce the scope of their Compliance requirements, and the effort required from their teams to meet them. The service is already fully PCI DSS, PCI PTS PIN and PCI P2PE compliant and reports can be simply downloaded directly from a secure customer portal, ready to be integrated into any audit framework an organization is using. And with new local and global standards being added constantly.

FULL CONTROL OF YOUR PAYMENT CRYPTOGRAPHY WITH ONE CLICK

Payment Cryptography infra has required too many boxes, too much complexity for too long

SIMPLE

Payment Cryptography as a Service allows financial entities of all types and sizes to have full control of their Cryptographic Keys, crucial for all payment processes, through a fully resilient Cloud-based API service and a user-friendly Secure Customer Portal, all PCI DSS, PCI PTS PIN and PCI P2PE compliant. Practically eliminating the complexity related to Key Management in on-prem Hardware Security infrastructure, achieving operational efficiencies and reducing the risk for costly outages.

Connect any App and environment with any Key with one click

Limited Cryptography infra resources servicing many apps & environments means too many twists and turns

FLEXIBLE

Payment Cryptography as a Service allows financial entities of all types and sizes to connect any Application and/or environment (Prod, Dev, QA, etc) with any interface they require (TCP, RESt API, etc), and with any Cryptographic Keys, command lists, firmware versions or security and configuration settings they would need to test or use by simply enabling this from the service’s secure customer portal. Without the need to setup any new infra or connectivity, all in a matter of minutes.

Full Control for customers over their Cryptography Keys at all times

Many Cloud Payment HSM vendors require customers to give up full control of their Payment Cryptography Keys

control

Payment Cryptography as a Service allows financial entities to keep full control over their critical Cryptographic keys in a simple and secure way, using the Verisec 10XPAY Secure Customer Portal and the PCI-certified Verisec 10XPAY Key Loading Device terminal. All this within a PCI compliant framework and without the need for customers to give up any control over those keys and having them encrypted under other keys in the exclusive control of the Service Provider or other third parties, with all the resulting possible administrative, compliance, security and operational complications and problems this entails.

Perform any changes to Payment Cryptography anytime with zero downtime risks

For too long any changes or adjustments to Payment Cryptographic infra has involved potential service interruptions

SIMPLE / resilience

Payment Cryptography as a Service allows financial entities to make any required changes and adjustments to the Authorized Activities and Commands, along with other settings of their Payment Cryptography setup, including the upload, enabling/disabling of Cryptographic Keys without the risk of interrupting continuous service to payment applications. With no requirement for complicated checklists and protocols and device state changes and visits to dark data centers with esoteric-looking physical keys. 

Hassle and risk free Key migrations achieved at the push of a button

Payment Cryptography Key migrations and rotations have been a perilous undertaking for too long

FLEXIBLE / migrations

Payment Cryptography as a Service allows financial entities to continue using their current Keys from their current Payment HSM setups without the need of any risky “big bang” migrations involving the issuing of new keys, this through a real Bring Your Own Key (BYOK) scheme. And then once the keys are in the service, the periodical mandatory rotations that are required by many card schemes and others can be easily achieved, either through the Secure Customer portal or using the PCI PIN certified Key Loading Device (KLD) for secure key injections.

Cryptographic Key download and/or removal at the push of a buTTON

MANY CLOUD PAYMENT HSM VENDORS MAKE IT IMPOSSIBLE for ORGANIZATIONS TO LEAVE WITH THEIR PAYMENT CRYPTOGRAPHY KEYS

FLEXIBLE / key freedom

Payment Cryptography as a Service allows financial entities to easily download their Cryptographic keys in a simple and secure way, and if they choose to, also fully and safely remove them from the service. All of this within a PCI compliant framework. Even though we work hard to make sure our customers don’t leave the service, we understand that their Keys are theirs and they are entitled to proceed with them as they wish and we provide them with tool required to do so, either through our secure Customer Portal and the Key Loading Device terminal.