Royalgate Produces the World’s First End-to-End Mobile Acceptance Solution for all Card Types

How Thales HSMs Helped a Leader In Payment Solutions Secure a Revolutionary New Mobile Card Acceptance Solution.

The Goal: Create The First All-In-One Solution For Secure Card Acceptance Utilizing Mobile Technology

ROYALGATE saw a tremendous market opportunity. The trend towards flexibility and mobility was clear – it wasn’t just micro-merchants, door-to-door salesmen and mobile businesses that wanted flexibility to accept card payments anywhere. Larger businesses like restaurants, retail sites and events companies were looking to add value and improve customer service by moving payment transactions away from traditional cashier scenarios and to wherever the customer wanted to pay.

What these businesses lacked was an easy-to-use, all-in-one solution that could take advantage of the explosion of mobile devices and convert any smartphone or tablet into a payment terminal. There were plenty of payment service providers, terminal manufacturers and more than enough manufacturers of smartphones, but no one had yet developed an all-in-one software/hardware solution that would let businesses easily process card payments regardless of the card type in use. ROYALGATE wanted to be the first.

The product they envisioned included a card reader, connecting directly or wirelessly to any smart device, to encrypt payment data as it is received from the card. It would provide strong security utilizing the DUKPT (Derived Unique Key Per Transaction) key management scheme in hardware, and also provide the mobile device application and back-end payment processing. Finally, it would read any kind of card, including magnetic stripe, chip and even contactless cards – a world’s first.

A significant challenge, they knew, would be security. They needed not only an end-to-end solution that could be certified by all applicable associations, but also one that provided strong protection for the over-the-air wireless and Bluetooth components that were important to the ease of use of the system.

  • Protect your data with comprehensive, certified security specially designed for card issuing and payment processing.
  • Speed deployment with off-the-shelf support for all major payment applications.
  • Ensure business continuity with redundant hardware, field serviceable components, and support for clustering and failover.
  • Reduce cost of maintenance and compliance with a choice of software options tailored for issuers, processors, and acquirers.
  • Improve ROI - a range of scalable, high-performance models enables you to pay only for the capacity you need.

The Solution: Thales payShield 9000

To meet their security requirements around cryptographic key generation, protection and overall management, ROYALGATE selected Thales payShield 9000, a hardware security module designed specifically for payments applications. As the most widely deployed payment HSM in the world, payShield 9000 offered the high assurance protection, cryptographic functionality and superior key management features proven to meet or exceed the security audit requirements of all major international card schemes. With its built-in DUKPT capabilities, payShield 9000 enabled ROYALGATE to securely generate and inject encryption keys into PayGate readers in Japan, prior to shipping them to their merchant customers.

The Thales HSM provided the high assurance cryptographic security that was critical to creating an end-to-end solution that could be PCI DSS certified. ROYALGATE wanted to ensure protection for the entire chain of transactions – from the point of card data acceptance to the mobile application to the data center to the acquirer.

Why Thales?

  • Robust and proven technology. payShield 9000 offered comprehensive payments capabilities, including mature support for the DUKPT key management scheme.
  • Speed. payShield 9000 offered a proven solution with a range of scalable, high-performance models so ROYALGATE could pay only for the capacity they required.
  • Time to market. As the world’s leading payment HSM, payShield 9000 offered standard functionality and specifications that enabled ROYALGATE to develop their new solution more easily and get it to market faster.
  • Certifications. Because payShield 9000 has all major certifications and validations, ROYALGATE knew this would be an enabler to securing the approval of the Japan Credit Card Association.
  • Support. Thales was able to provide support for the deployment at many levels – from technical support in the installation to critical help and education on the DUKPT protocol.

Thales payShield 9000: Proven, Scalable Payment System Security

Designed specifically for payments applications, payShield 9000 performs tasks such as PIN protection and validation, transaction processing, payment card issuance, and key management. Used in an estimated 80% of all payment card transactions, payShield 9000 is the most widely deployed payment HSM in the world. The HSM’s design benefits from over 25 years of Thales experience with payment system security, giving organizations confidence in a state-of-the-art solution that delivers an ideal combination of security and operational ease. The device is deployed as an external peripheral for mainframes and servers running card issuing and payment processing software applications for the electronic payments industry – delivering high assurance protection for Automated Teller Machine (ATM) and Point of Sale (POS) credit and debit card transactions. The cryptographic functionality and management features of payShield 9000 meet or exceed the card application and security audit requirements of the major international card schemes, including American Express, Discover, JCB, MasterCard, Union Pay and Visa. payShield 9000 is certified to FIPS 140-2 level 3 and is also available in configurations certified to the PCI HSM specification as published by the PCI Security Standards Council.