As new technologies emerge, so do new cybercrime attack vectors. Data encryption and security are increasingly important for enterprises of all sizes. Customer payment data is especially targeted because of its value to the criminal world. Sensitive data such as financial information, e-mails, PINs, electronic medical records, social security numbers, and payment transactions must be protected.
The payment ecosystem contains some of the most complex and vulnerable processes that we have today. It involves many institutions whose technology stacks process and potentially store highly sensitive data, making it a prime target for sophisticated attacks. All stakeholders are working together to provide a security solution that protects customer information, because the entire system is only as strong as its weakest link: its employees and the underlying technology protecting it. At the heart of this payment processing security landscape sits a Hardware Security Module (HSM), and most likely many HSMs.
An HSM provides cryptography for transaction processing, including secure communications, endpoint authentication and card/PIN verification. Using strong cryptographic algorithms, HSMs generate and store keys, ensuring that the master key never leaves the vault. These keys are used to validate customer card details and determine whether transactions should be authorized or declined. As HSMs are considered the highest level of security, they are rated and certified using the FIPS 140-2 standard. At a glance, a “good” financial HSM must secure information in transit during a transfer from one financial institution to another, translate PINs between different zones, and securely protect cryptographic keys that are in transit inside payment networks.
On top of the requirement to protect all this data, the banking industry must accommodate rising customer expectations. Consumers expect anytime, anywhere banking with refined websites and applications. So, as security requirements, such as the new PCI 3.2 mandate, become more stringent, banks will still need to find a way to be nimble whilst not introducing security risk.
In this article, we will discuss the importance of understanding the full scope of options available, as well as the unique characteristics of hardware-based data encryption, before selecting a solution.