Hoppa över navigering

Azure Payment HSM achieves PCI PIN certification offering customers secure digital payments solutions in the cloud

Inlägg på 21 september, 2022

Corporate Vice President, Azure Security

This blog post has been co-authored by Darius Ryals, General Manager of Partner Promises and Azure Chief Information Security Officer.

Today we’re announcing Azure Payment HSM has achieved Payment Card Industry Personal Identification Number (PCI PIN) making Azure the first hyperscale cloud service provider to obtain this certification.

Financial technology has rapidly disrupted the payments industry and securing payment transactions is of the utmost importance. Azure helps customers secure their critical payment infrastructure in the cloud and streamlines global payments security compliance. Azure remains committed to helping customers achieve compliance with the Payment Card Industry’s leading compliance certifications.

Enhanced security and compliance through Azure Payment HSM

Azure Payment HSM is a bare metal infrastructure as a service (IaaS) that provides cryptographic key operations for real-time payment transactions in Azure. The service empowers financial institutions and service providers to accelerate their digital payment strategy through the cloud. Azure Payment HSM is certified across stringent security and compliance requirements established by the PCI Security Standards Council (PCI SSC) including PCI DSS, PCI 3DS, and PCI PIN and offers HSMs certified to FIPS 140-2 Level 3 and PCI HSM v3.

Azure Payment HSM enables a wide range of use cases. These include payment processing for card and mobile payment authorization and 3D-Secure authentication; payment credential issuing for cards, wearables, and connected devices; securing keys and authentication data for POS, mPOS, Remote key loading, PIN generation, and PIN routing; sensitive data protection for point-to-point encryption, security tokenization, and EMV payment tokenization.

Azure Payment HSM is designed to meet the low latency and high-performance requirements for mission-critical payment applications. The service is comprised of single-tenant HSMs offering customers complete remote administrative control and exclusive access. HSMs are provisioned and connected directly to users’ virtual networks, and HSMs are under users’ sole administration control. HSMs can be easily provisioned as a pair of devices and configured for high availability.

Azure Payment HSM provides great benefits for both payment HSM users with a legacy on-premises HSM footprint and those new payment ecosystem entrants who may choose a cloud-native approach from the outset. The customer could be a payment service provider acting on behalf of multiple financial institutions or a financial institution that wishes to directly access the Azure Payment HSM.

Leverage Azure Payment HSM PCI PIN certification

PINs are used to verify cardholder identity during online and offline payment card transactions.

The PCI PIN Security Standard contains requirements for the secure management, processing, and transmission of PIN data and applies to merchants and service providers that store, process, transmit, or can impact the security of PIN data.

Azure Payment HSM customers can reduce their compliance burden by leveraging Azure’s PCI PIN Attestation of Compliance (AOC) which addresses Azure’s portion of responsibility for each PCI PIN requirement and contains the list of certified Azure regions. The Azure Payment HSM Shared Responsibility Matrix is also available to help customers significantly reduce time, effort, and cost during their own PCI PIN assessments by simplifying the compliance process.

Learn more

When moving payment systems to the cloud, payment security must adhere to Payment Industry’s mandate compliance without failure. Financial institutions and service providers in the payment ecosystem including issuers, service providers, acquirers, processors, and payment networks would benefit from Azure Payment HSM. To learn how Microsoft Azure capabilities can help, see the resources below: