VERISEC | 10XPAY: A NEW ERA IN PAYMENT SECURITY
Payment Cryptography infrastructure, based mainly around Payment Hardware Security (HSM) Modules, continues to be a crucial element in digital and face-to-face electronic payments worldwide. However, the acquisition, setup, operation and maintenance of this infrastructure has for many years involved considerable costs and effort from financial organizations. Some of the main issues related to this old infrastructure model relate to a lack of flexibility to incorporate new environments and applications, crippling complexity, substantial compliance overheads and a slow, expensive and wasteful scalability setup to cope with growing demand and operational peaks.
stop living in the upside down
VERISEC 10XPAY is Payment Cryptography as a Service that provides all the functionality of a Payment HSM on a Cloud-only setup, that allows financial entities — from very large banks and payment processors, to Fintechs and startups to securely validate and process all kinds of digital and electronic payments. While experiencing the simplicity, scalability, flexibility, low-overheads, among many other benefits that organizations have now come to expect from state-of-the-art Cloud services. All this within a fully compliant PCI DSS, PCI PTS PIN, PCI P2PE environment.
TURN UP FOR A NEW ERA IN PAYMENT CRYPTOGRAPHY
INSTANT SCALABILITY
Enable automatic on-demand scalability to cater for any operational peaks instantaneously
Scaling Payment Cryptography infra to cater for growing demand has been a steep climb for too long scalable
scalable
Payment Cryptography as a Service allows financial entities to automatically cater for the constant increase in payment processing volumes and weather any expected or unexpected demand peaks, such as Black Friday, Holidays, etc. Without the need to keep acquiring more and more fixed on-prem infrastructure that would then be wasted for most of the time.
FULL COMPLIANCE
Full control of your Crypto infra compliance with one click
Ever-growing Compliance requirements related to Payment Cryptography infra keep swamping admin teams
ComplianT
Verisec 10XPAY – Payment Cryptography as a Service allows financial entities of all types and sizes to substantially reduce the scope of their Compliance requirements, and the effort required from their teams to meet them. The service is already fully PCI DSS, PCI PTS PIN and PCI P2PE compliant and reports can be simply downloaded directly from a secure customer portal, ready to be integrated into any audit framework an organization is using. And with new local and global standards being added constantly.
SIMPLIFIED SETUP
FULL CONTROL OF YOUR PAYMENT CRYPTOGRAPHY WITH ONE CLICK
Payment Cryptography infra has required too many boxes, too much complexity for too long
SIMPLE
Verisec 10XPAY – Payment Cryptography as a Service allows financial entities of all types and sizes to have full control of their Cryptographic Keys, crucial for all payment processes, through a fully resilient Cloud-based API service and a user-friendly Secure Customer Portal, all PCI DSS, PCI PTS PIN and PCI P2PE compliant. Practically eliminating the complexity related to Key Management in on-prem Hardware Security infrastructure, achieving operational efficiencies and reducing the risk for costly outages.
FLEXIBLE ENVIRONMENTS
Connect any App and environment with any Key with one click
Limited Cryptography infra resources servicing many apps & environments means too many twists and turns
FLEXIBLE
Verisec 10XPAY – Payment Cryptography as a Service allows financial entities of all types and sizes to connect any Application and/or environment (Prod, Dev, QA, etc) with any interface they require (TCP, REST API, etc), and with any Cryptographic Keys, command lists, firmware versions or security and configuration settings they would need to test or use by simply enabling this from the service’s secure customer portal. Without the need to setup any new infra or connectivity, all in a matter of minutes.
CONTROL OVER KEYS
Full Control for customers over their Cryptographic Keys at all times
Some Cloud Payment HSM vendors require customers to give up full control of their Payment Cryptography Keys
control
Verisec 10XPAY – Payment Cryptography as a Service allows financial entities to keep full control over their critical Cryptographic keys in a simple and secure way, using the Secure Customer Portal and the PCI-certified Verisec 10XPAY Key Loading Device (KLD) terminal. All this within a PCI compliant framework and without the need for customers to give up any control over their keys, like it is the case with other Service providers that require customer keys to be encrypted under their own, with all the resulting possible administrative, compliance, security and operational complications and problems this entails.
ASSURED RESILIENCE
Perform any changes to Payment Cryptography anytime with zero downtime risks
For too long any changes or adjustments to Payment Cryptographic infra has involved potential service interruptions
RESILIENT
Verisec 10XPAY – Payment Cryptography as a Service allows financial entities to make any required changes and adjustments to the Authorized Activities and Command pools, along with other settings of their Payment Cryptography setup, including the upload, enabling/disabling of Cryptographic Keys without the need to interrupt continuous service to their payment applications, with the risk this entails. With no requirement for complicated checklists and protocols and device state changes or any visits to dark data centers with esoteric-looking physical keys.
EASE OF MIGRATION
Hassle and risk-free Key migrations achieved at the push of a button
Payment Cryptography Key migrations and rotations have been a perilous undertaking for too long
KEY MIGRATION
Verisec 10XPAY – Payment Cryptography as a Service allows financial entities to continue using their current Keys from their existent Payment HSM setup without the need of any risky “big bang” migrations involving the issuing of new keys, this through a real Bring Your Own Key (BYOK) scheme. And then once the keys are in the service, the periodical mandatory rotations that are required by many card schemes and others can be easily achieved, either through the Secure Customer Portal or using the PCI PIN Certified Key Loading Device (KLD) for secure remote key injections.
NO VENDOR LOCK-IN
Cryptographic Key download and/or removal at the push of a button
MANY CLOUD PAYMENT HSM VENDORS MAKE IT VERY HARD FOR ORGANIZATIONS TO LEAVE WITH THEIR PAYMENT CRYPTOGRAPHY KEYS
KEY REMOVAL
Verisec 10XPAY – Payment Cryptography as a Service allows financial entities to easily download their Cryptographic keys in a simple and secure way, and if they choose to, also fully and safely remove them from the service. All of this within a PCI compliant framework. Even though we work hard to make sure our customers don’t want to leave the service, we understand that their Keys are theirs only and they are entitled to proceed with them as they wish and we provide them with the tools required to do so, either through our Secure Customer Portal and the Key Loading Device terminal.