Thales News Release

Thales Achieves Cartes Bancaires (CB) MEPS Compliance For Payment HSM 8000

November 4, 2008

HSM8000 validated to Cartes Bancaires (CB) banking security standards

Thales, leader in information systems and communications security, today announces that the Payment HSM 8000 (Host Security Module), has been validated to MEPS (Methode d'Evaluation des Produits Securitaire “bancaires”), a security approval scheme used by the Cartes Bancaires (CB) banking industry. Set up in France in 1984 to establish an interbank card payment and cash withdrawal system, CB is an Economic Interest Group (EIG) with almost 200 members from French and foreign banking and financial institutions, mostly operating in France. The MEPS standard, developed by CB, regulates all cryptographic security equipment intended for use by the member banks on their payment networks in the CB system.

Thales's payment HSM 8000 first received full MEPS approval in 2006, but it is the latest RoHS (Restriction of Hazardous Substances – an EU directive requiring that manufacturers remove hazardous substances from various electrical and electronic equipment ) -compliant version that has achieved recent MEPS compliance. The HSM 8000 is used worldwide to ensure the security of PINs, keys and banking transactions used in ATM (Automatic Teller Machine), EFTPOS (Electronic Funds Transfer at Point of Sale) and interbank settlement schemes. The CB MEPS approval means that the HSM 8000 has met the stringent GIECB (Groupement d'Intérêt Economique Cartes Bancaires CB) requirements, which range from product design to how the repairs process is managed.

The originators of the first MEPS standard were inspired by the US Department of Defense publication entitled ‘Trusted Computer System Evaluation Criteria (TCSEC)'. Since then, other worldwide security standards have emerged, including ITSEC (Information Technology Security Evaluation Criteria ), Common Criteria, FIPS 140 and ISO 13491. Thales is committed to achieving compliance with global security requirements across its entire product range. The HSM 8000 is compliant with many national standards in addition to MEPS, for example, the internationally recognised technical standards of FIPS. Thales's HSM 8000 also conforms to the global requirements of the credit and debit card organisations such as MasterCard, VISA, JCB and American Express.

In addition, Thales recently joined the PCI Security Standards Council as a new participating organisation and will work with the Council to advance the understanding and adoption of the PCI Data Security Standard (DSS) and other payment card data protection standards.

The Paris-based sales manager for Thales's Information Systems Security, René Jaouen, commented: “Now that we have achieved MEPS approval of our RoHS-compliant payment HSM 8000, the Cartes Bancaires CB banking community can take advantage of our latest HSM range. As fraudsters continue to aggressively target financial institutions, Thales is committed to adhering to national and international security standards to ensure that customers' payment infrastructures remain as secure as possible. As our payment offerings continue to evolve, we are committed to achieving MEPS approval on all new products – a strategy which is fully supported by the French banking community.”