Introducing the payShield 10K

The new payShield 10K builds on Thales' esteemed history of digital payment protection to deliver a future-proof hardware security module (HSM).

payShield 10K

payShield 10K, the fifth generation of payment HSMs from Thales eSecurity, delivers a suite of payment security functionality proven in critical environments including transaction processing, sensitive data protection, payment credential issuing, mobile card acceptance and payment tokenisation. Like its predecessors over the past 30+ years, payShield 10K can be used throughout the global payment ecosystem by issuers, service providers, acquirers, processors and payment networks.

Playing a fundamental security role for both face-to-face and digital remote payments, it delivers the necessary trust that underpins the communications between payments participants. payShield 10K addresses the latest mandated security requirements and best practices for a wide range of organizations including EMVCo, PCI SSC, GlobalPlatform, Multos, ANSI and the various global and regional payment brands and networks.


Request for a payShield Demo

Simplify deployment

Our payment HSMs are capable of being securely configured, managed and monitored remotely from locations of convenience to reduce your costs and simplify your ongoing operations.

Maximize resilience

Equipped with dual hot-swappable power supplies and fans, our latest HSMs significantly increase the mean time between failure (MTBF) and simplify field maintenance.

Leverage proven integrations

Thales eSecurity payment HSMs are the most widely deployed in the world and are supported by the largest number of payment application providers. http://www.thalesesecurity.com/partners/technology-partners

Card/Mobile Payments Support

payShield 10K has a comprehensive range of functions that supports the needs of the leading payment brands (American Express, Discover, JCB, Mastercard, UnionPay and Visa) including:

  • PIN and card verification functions for all major payment brands
  • EMV transaction authorization and messaging
  • Mobile payment transaction authorization and key management
  • Remote Key Loading for ATM and POS devices
  • Regional/National key management (including Australia, Germany and Italy)
  • Mastercard On-behalf key management (OBKM) support
  • Magnetic stripe and EMV-based data preparation and personalization including mobile provisioning
  • PIN generation and printing
Cryptographic Algorithms
  • DES and Triple-DES key lengths 112 & 168 bit
  • AES key lengths 128 bit, 192 bit & 256 bit
  • RSA (up to 4096 bits)
  • HMAC, MD5, SHA-1, SHA-2
Financial Services Standards
  • ISO: 9564, 10118, 11568, 13491, 16609
  • ANSI: X3.92, X9.8, X9.9, X9.17, X9.19, X9.24, X9.31, X9.52, X9.97
  • ASC X9 TR-31, X9 TG-3/TR-39
  • APACS 40 & 70
Host Connectivity
  • TCP/IP & UDP (1Gbps) – dual ports
  • Secure Host Communications Management option for TLS authenticated sessions on Ethernet host port
Security Certifications
  • FIPS 140-2 Level 3 (security sub-system) in progress
  • PCI HSM v3 (selected software versions) in progress
Base software packages

Base software packages with a range of performance levels are available to align closely with customer deployment and usage requirements.

Optional software licenses

Optional licenses are available to extend payShield functionality and can be acquired and installed at any time throughout the product lifecycle.

Package and license upgrades

As your transaction volumes grow or you need to support new application use cases, performance is boosted via software licenses and additional HSMs with different software packages can be added to the estate and managed as easily as the installed base.

payShield Manager

payShield 10K HSMs can be managed in local or remote mode using the payShield Manager browser-based application. The remote mode of payShield Manager is specifically designed to eliminate the need to travel to data centers for HSM management requires the purchase of an additional license.

payShield Monitor

A comprehensive monitoring platform for both payShield 9000 and payShield 10K HSMs that enables operations teams to gain 24x7 visibility into the status of all their payShield HSMs, including those residing across distributed data centers.

Smart cards

Secure smart cards to hold local master key (LMK) components for master key management and authentication credentials associated with remote HSM management options are available in packs of 6, 30 or 100 to suit a wide range of customer deployment requirements.

Additional PSUs and fans

Each payShield 10K devices is fitted with dual hot-swappable power supply units (PSUs) and fans as standard. To provide coverage in the unlikely event of a hardware failure you can purchase spare PSUs and fans in advance to avoid any scheduled downtime.

Replacement locks and keys

payShield 10K uses two highly secure locks with associated keys on the front panel as part of the security administration procedures. The items are tightly controlled and registered and are not available on the open market. In the event that the device locks are damaged or keys are lost, a secure service to provide replacement locks and key is available from Thales.

Data Sheet : payShield 10K

payShield 10K is a payment hardware security module (HSM) that can be used throughout the global payment ecosystem by issuers, service providers, acquirers, processors and payment networks. It plays a fundamental security role in securing the payment credential issuing, user authentication, card authentication and sensitive data protection processes for both face-to-face and digital remote payments.

Download

Brochure : Transaction processing using payShield HSMs

Thales payShield HSMs are the devices of choice for leading payment solution providers and technology vendors. This document provides an overview of the features and benefits of the payShield transaction processing functionality that is used to help secure the retail payments ecosystem.

Download

Brochure : Sensitive data protection in the retail card payments ecosystem

This document provides an overview of how organizations can leverage a mixture of the payShield HSM and Vormetric Data Security Platform solutions to provide complete protection of sensitive data as part of their retail card payment processing activities which are linked to a customer PAN. The technology covered is suitable for protecting transactions made using physical plastic cards (contact and contactless), mobile wallet transactions (in-store and remote) and online/e-Commerce browser-based transactions.

Download

Brochure : Payment credential issuing using payShield HSMs

Thales HSMs have been used for years to prepare data for EMV chip cards, personalize the cards and help manage the complete lifecycle of the cryptographic keys and associated payment application credentials. payShield also supports the data preparation and provisioning of mobile devices, wearables and connected devices used to make payments. This document provides an overview of the payShield issuance functionality.

Download

Data Sheet : payShield Manager

payShield Manager offers local and remote management options for both payShield 10K and payShield 9000 HSMs. It enables remote operation of HSMs via a standard browser interface, leveraging smart card access control to establish secure connections with HSMs. payShield Manager enables key management, security configuration and software and license updates to be carried out remotely.

Download

Data Sheet : payShield Monitor

payShield Monitor is a comprehensive HSM monitoring platform that enables operations teams to gain 24x7 visibility into the status of all their payShield HSMs, including those residing across distributed data centers. With this solution, security teams can efficiently inspect HSMs and find out immediately if any potential security, configuration or utilization issue may compromise their mission-critical infrastructure.

Download

Data Sheet : payShield 9000

Thales payShield 9000 is a hardware security (HSM) payment module that provides the cryptographic protection required for ATM, point of sale (POS), credit and debit card issuance, and processing of transactions. Encryption and management functionality meets or exceeds the operational and security requirements of the major international card systems, including American Express, Discover, JCB, MasterCard, UnionPay and Visa. It is deployed as an external peripheral for mainframes and servers running card issuance applications, mobile platform provisioning, and payment processing software for the electronic payment industry.

Download

Watch our interactive demo Explore
Schedule a live demo Schedule
Get in contact with a specialist Contact us