Thales Blog

How Hardware Security Modules Secure Cross-Border Payments Between Singapore and Thailand

July 6, 2021

Melvin Koh | Head of Sales Engineers, ASEAN More About This Author >

Starting from April 29, 2021, users of Singapore's PayNow and Thailand's PromptPay will be able to send up to S$1,000 or THB25,000 daily across the two countries using just a mobile number. According to a joint media release, the Monetary Authority of Singapore (MAS) and the Bank of Thailand (BOT) said the real-time payment systems link would allow customers of participating banks to transfer funds “seamlessly and securely” between accounts in the two countries.

The PromptPay - PayNow linkage is a key collaboration under the ASEAN Payment Connectivity scheme that was initiated in 2019 and closely aligns with efforts by the G20, Financial Stability Board, and other international standard-setting bodies to facilitate faster, cheaper, more inclusive, and more transparent cross-border payment arrangements.

Real-time transfers matter for customers. According to a survey, 80% of overseas money transfer users believe it is important for their recipients to be able to use the money they send to them immediately. However, equally important is the security and integrity of these transactions. Banks as well as customers need to be ensured that users are legitimate, and that integrity is protected.

Securing transaction trust with Thales Luna HSMs

This is where Thales jumps in. All participating banks have deployed Thales Luna Hardware Security Modules (HSMs) to secure and verify the transaction process. The below diagram provides an overview of the cross-border payment process.

Thales Luna HSMs are key components of the cross-border transfers to ensure:

1. Key in hardware protection
2. Secure signatures
3. Verify signatures
4. Off-loading crypto processing

Storing and protecting the keys within the FIPS 140-2 validated confines of the Thales Luna HSM is crucial for ensuring the security and integrity of the transaction. Attackers cannot get hold of this key because they need to gain physical access to the Luna HSM. Luna HSMs are located in the banks’ hardened facilities with strong physical access control. Even if a malicious insider gains physical access to the hardware, they have to extract the key out of the HSM without destroying it. However, this is nearly impossible, since Thales Luna HSMs have built-in mechanisms to identify unauthorized access and zeroize the key to avoid compromise.

The security of the keys is crucial for the integrity of the transactions. If a criminal managed to compromise the keys, they could either alter the transaction amount or derail the transaction to their favor. Either way, the trust will be damaged, and banks will face penalties for failing to comply with laws and regulations.

Thales Luna HSMs offer high-assurance, tamper-resistant, and market-leading performance to secure your sensitive data and critical applications by storing, protecting and managing your cryptographic keys. Luna HSMs help your organizations meet compliance and audit needs for GDPR, eIDAS, FIPS 140, Common Criteria, HIPAA, PCI-DSS, and others, in highly-regulated industries including Financial, Healthcare and Government.

To learn more, you may read the product brief or contact our team.