CMI Delivers Secure and Scalable e-commerce Solutions with Thales Payshield 9000

Flash sales, Cyber Monday, e-commerce, and many similar phrases have become common terms in our everyday online experience. Millions of people shop online, participate in cybermarketplaces, and multiple other forms of Internet-based retail. It’s safe to say that online commerce has become a vital element of Western culture.

However, countries that are newly entering this space, like Morocco, are learning about the complex issues that come hand-in-hand with online trading. Matters like cyber security and legacy banking regulations can threaten the proliferation of e-commerce throughput the country, and ignoring these puts its citizens in a vulnerable situation.

CMI Delivers Secure and Scalable e-commerce Solutions with Thales Payshield 9000

A trusted partner of Moroccan financial traders, CMI, was founded by nine of the country’s banks to provide innovative, local technology-based solutions and expertise to businesses of all sizes and industries.

Business Challenge

Morocco, one of the most economically powerful countries in Northern and Sub-Saharan Africa, prides itself on its agricultural and artisanal sectors, as well as its strong history of exporting a wide range of goods and services. However, until 2001, the country’s outdated banking regulations hindered the development of e-commerce.

Mr. Abderrahim Massaoudi, chief technology officer for CMI, explained, “In 1976, electronic banking was born in Morocco by accepting French foreign payment cards as well as Visa, Mastercard, and American Express. In 2001, CMI was formed to improve electronic banking within the country, linking Moroccan banks together to promote exchanges with merchants.”

Intrinsically international, e-commerce triggers complex considerations such as examination of banking regulations, cyber-security, and payment service provisions. “Data integrity is vital in this space,” noted Massaoudi. “Any security breach that affects CMI could greatly impact the Moroccan economy and the region’s economic standing.” Consequently, CMI mandated the identification and deployment of a local solution that would help fight against the risks of fraud related to the use of bank cards. A core criterion was a solution to manage digital keys for strong authentication and provide crypto-processing.

Technical Challenge

“CMI secures and processes over 250,000 transactions each day, which makes us one of the largest acquirers in all Africa,” said Massaoudi. “Use of e-commerce is exploding in our region, so we needed a solution that could keep pace with the volumes to keep each user’s information secure and accurate.”

To protect end-users from inherent e-commerce security risks, CMI required a solution with the flexibility to provide streamlined security and end-to-end integrity. CMI sought the guidance of Thales local partner, PCard, to assist in the search for the optimal approach.

Solution

PCard and CMI quickly determined that the capabilities of the Thales payShield 9000 hardware security module (HSM) would be the ideal match for the extensive architectural requirements. “In addition to the features and functionality, Thales was the only provider able to deliver local support and expertise,” commented Massaoudi. “Its local presence and ability to deliver 24/7 assistance sealed the deal.”

In addition to flexible licensing options, payShield 9000 provides a broad set of cost-effective capabilities, ranging from PIN validation to transaction processing, to key management and more.

The payShield HSM offers an effective combination of strong security and operational ease, maintaining a tamperresistant security platform that protects cryptographic keys and other sensitive information including customer PINs and cardholder data.

Results

Thales payShield 9000 delivers comprehensive, certified security designed to meet each of CMI’s business and technical requirements. “Thales is constantly evolving the HSM product-line but always ensuring that backward compatibility is maintained. This is a huge advantage for any long-time customer who wants to protect their original investment,” affirmed Massaoudi. “The way the Thales HSM is designed gives us the ability to meet the increasing demands from the payment transaction market without having to constantly swap our hardware.”

He added, “The implementation of payShield 9000 took just five minutes. There were no problems because the HSM is explicitly designed to meet key requirement in the electronic payment space. Once you install it, you tend to forget about it because it works smoothly right from the start.”

The partnership with PCard also has lived up to expectations: “Not only do we get support from Thales, but we also get assistance from PCard on licensing, product implementation, and we really appreciate having local expertise and resources,” stated Massaoudi.

Mission Critical

The Thales HSM enables CMI to support the commercial success of its customers by delivering simplified electronic payment in a secure and efficient manner. Massaoudi concluded, “The Thales payShield 9000 is a strong and reliable product. If the HSM failed, our entire system would fail. E-commerce volumes are rapidly expanding across the region and it is critical to us that we offer consistent services to support our customers. The security and flexibility provided by the Thales HSM gives us the confidence to deliver on our commitments.”

About Thales eSecurity

Thales eSecurity is a leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premises, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.

Download