What is a Payment Hardware Security Module (HSM)?
A payment HSM is a hardened, tamper-resistant hardware device that is used primarily by the retail banking industry to provide high levels of protection for cryptographic keys and customer PINs used during the issuance of magnetic stripe and EMV chip cards (and their mobile application equivalents) and the subsequent processing of credit and debit card payment transactions. Payment HSMs normally provide native cryptographic support for all the major card scheme payment applications and undergo rigorous independent hardware certification under global schemes such as FIPS 140-2, PCI HSM and other additional regional security requirements such as MEPS in France and APCA in Australia for example.
Some of their common use cases in the payments ecosystem include:
- PIN generation, management and validation
- PIN block translation during the network switching of ATM and POS transactions
- Card, user and cryptogram validation during payment transaction processing
- Payment credential issuing for payment cards and mobile applications
- Point-to-point encryption (P2PE) key management and secure data decryption
- Sharing keys securely with third parties to facilitate secure communications