payShield Trusted Management Device

The payShield Trusted Management Device (TMD) is a secure, portable solution for managing and sharing symmetric keys without direct HSM connectivity. Designed to meet evolving payment security standards, it simplifies key ceremonies through an intuitive touchscreen, smart card–based dual control, and QR code key sharing.

TMD enables secure remote key generation, distribution, and auditing across multiple HSMs and data centers. By eliminating manual data entry, reducing operational complexity, and strengthening compliance, payShield TMD delivers flexible, efficient, and highly secure key management.

Benefits of the payShield Trusted Management Device

Simplify Key Management

QR-based key import/export eliminates manual entry errors and accelerates secure, error-free key transfers.

Improve Efficiency

Portable, intuitive TMD streamlines key management, eliminates manual errors, and enables fast, secure key distribution.

Increase Flexibility

Secure TMD allows remote key management, multi-team control, versatile formats, and flexible retrospective key creation.

Strengthen Security

Encrypted TMD touch screen with smart card access and comprehensive audit logs ensures secure, compliant key management.

payShield Trusted Management Device

A secure, portable solution for remote key management. It streamlines symmetric key generation, distribution, and auditing across multiple HSMs and data centers, eliminating manual errors, reducing operational complexity, and ensuring compliance with PCI, X9 TR-31, and ANSI standards for highly secure payment environments.

Thales payShield is the #1 ranked solution in top Payment HSM solutions.

PeerSpot users give Thales payShield an average rating of 9.5 out of 10.

Hear what experts say

Securely share encryption keys with payShield Trusted Management Device

Explore the payShield Trusted Management Device Specifications

Key management functionality	Generate key components Form keys from components Split existing keys into components Key sharing methods – QR codes, smart cards, USB tokens and paper components Compatible with HSMs that support TR-31 / X9.143 key management (e.g. Thales payShield 10K)
Physical and logical security	Tamper-responsive physical design – sensitive key data erased immediately in the event of an attack Secure touch screen – sensitive key information encrypted at the point of capture Dual control login via smart card for administrators and operators Up to 20 independent Master ZMKs (MZMKs) per payShield TMD MZMK cryptographic key strength – DES (double / triple length) and AES (128, 192 and 256 bits) Comprehensive audit log
Device physical characteristics	7” touch screen display Integral smart card reader Integral camera and thermal printer Dimensions: 72 x 114 x 231 mm (H x W x D) Power: 5V/2A switching power adapter, Li-Ion battery Operating temperature: 0 to 50C
Security certifications and compliances	PCI HSM certified Key Loading Device (KLD) PCI PIN Compliant

Thales Ranked #1 in ABI Research’s Payment HSM Competitive Ranking

This recognition highlights Thales’ deep-rooted expertise in cryptography, and its trusted payShield HSM product lines used by financial institutions worldwide.

Learn More

Thales Ranked #1 in ABI Research’s Payment HSM Competitive Ranking

payShield Trusted Management Device (TMD)