Thales News Release

Thales PayShield 9000 Achieves PCI HSM Compliance

November 17, 2011

Acquirers And Issuers Can Meet Card Scheme Requirements With Certified HSM

Thales, leader in information systems and communications security, announces that its award-winning payShield 9000 Hardware Security Module (HSM) has achieved PCI HSM compliance.

Acquirers and issuers can now build systems based on a PCI HSM that meet the requirements of the Payment Card Industry Security Standards Council (PCI SSC) the body established by the major card schemes (American Express, Discover, JCB, MasterCard and Visa) to improve the protection of card holder information across the global payments network and at merchant facilities. PCI HSM is the first HSM standard to be introduced to specifically address the security requirements when handling cardholder data. It is expected that PCI HSM will become the default requirement for payments-related HSMs and is already explicitly mandated in recent guidelines and encryption standards issued by the PCI SSC.

“As the leading provider of HSMs, Thales has long championed best practices and industry standards. It is vital that customers have a high level of confidence in the products they buy and independent certification of a product’s security properties is a powerful tool for establishing consistency and in building that confidence,” says Franck Greverie, Thales vice president in charge of information technology security activities. “Receiving PCI HSM certification for payShield 9000 demonstrates our commitment to achieving internationally recognized standards and compliance requirements as well as delivering innovative and high quality security solutions.”

Thales payment HSMs protect more than 70% of the world’s card payments. Designed specifically to secure card payment systems, payShield is a high-performance tamper-resistant security platform that protects cryptographic keys and other sensitive information such as customer PINs and cardholder data. payShield 9000 is the first payment HSM to meet the resilience needs of modern data centers with dual power supplies, and once installed can be managed entirely remotely reducing operational costs and the inconvenience of on site management. The superior cryptographic processing capabilities of payShield 9000 satisfy the ever-increasing demand for performance driven by rising transaction volumes and rapidly emerging payment services such as mobile phone based payments and contactless cards. Any organization deploying payments systems, virtually all of which require the use of HSMs, can now be confident they will meet future PCI SSC mandates, even as those systems evolve and grow.

Thales’s payShield 9000 was awarded Best Transaction Security Solution 2011 by SC Magazine – acknowledged for its world-leading cryptographic performance and resilience.

Products certified to PCI HSM can be found at: search under ‘product type’ and ‘HSM’).

Visit our digital media centre for industry issues and comment.