London-based Kashing Ltd. offers small merchants a broad range of digital payment services that previously have only been available to mid- and large-scale businesses. Established to empower small independent companies, Kashing’s solutions provide options for online, face-to-face, and mobile payment transactions.
With its omnichannel portfolio, Kashing presents a uniform way to accept and manage payments, removing the barriers traditionally found with banks and other finance companies.
As a relative newcomer to the massive financial services marketplace, Kashing is heavily focused on establishing a robust foundation for its rapidly expanding business. Gert Horne, chief security officer and Kashing co-founder, observed, “Security is at the very core of our business: Just about everything we do revolves around ensuring the ongoing integrity of the data we hold.”
He continued, “Our commitment to protecting sensitive data goes much deeper than just attaining compliance but being certified is certainly tangible, objective proof that we are serious about security.”
Kashing’s business objectives for growth dictated the need for an architecture capable of scaling to support expanding transaction volumes, accompanied by requirements for highavailability and elevated throughput capabilities.
To safeguard the integrity of each transaction, Kashing created an architecture that utilizes point-to-point encryption of all sensitive information. The payer, payee and all transaction details remain protected from the original point-of-sale (POS) through to back-end processing. Hein de Kock, a senior developer for Kashing, elaborated, “We needed to identify a solution that could handle encryption of all our data in motion but additionally, in order to provide comprehensive coverage across our entire infrastructure, we also wanted to protect the static data that we hold.”
The small, and even micro-sized businesses targeted by Kashing are frequently run by entrepreneurs with minimal technical knowledge. “We’re all about ease-of-use and bringing simplicity to what is already an overly complicated world, so whatever encryption methods we selected must be completely transparent to our users,” noted de Kock.
Neil Osborne, digital marketing account executive at Kashing, concurred, “Our approach is that we are ‘Secure by Default’ – we really don’t want our clients to have to become security experts. Our subscribers are like family to us and by identifying best-in-class solutions we’re able to ensure that all personal information is secure.”
Kashing selected the Thales payShield 9000 HSM to facilitate transaction encryption and remote key injection into the company’s POS card reader which is used typically by their small merchant customers to accept face-to-face card payments in conjunction with the Kashing app on their smartphone or tablet. “Throughout our evaluation period we were continually impressed by the HSM’s performance and the excellent technical support we received, especially the Thales team’s willingness to work with us to accomplish our goals,” noted Horne.
He added, “We were given access to a virtual device that allowed us to accurately simulate the operational scenarios that we were planning and to begin development before having our physical device. This really confirmed that payShield is the right choice for us.”
Originally focused on encrypting transaction-related traffic, the broad capabilities of the Thales HSM creates an expanded role in the Kashing architecture: “It transpired that payShield is a great fit for encrypting our static data,” observed de Kock. “We’re able to apply all of the benefits of the HSM to our archived records too.”
Horne commented, “Thales has been extremely instrumental in Kashing attaining PCI DSS compliance: The ability to perform end-to-end encryption and key management across all inmotion and at-rest data addresses significant components of the standard. In fact, we’re one of only a handful of companies that are a payments company and designated by PCI as a qualified security assessor [QSA].”
The Kashing team includes a number of members located outside of its London headquarters, placing emphasis on the ability to remotely manipulate code and perform administration tasks. “We need to have hands-on control of the devices from anywhere, and Thales has done a fantastic job in the hardware design,” stated de Kock. “The flexibility to log into payShield from my laptop at home and make changes to the HSM is just amazing.”
Horne summarized, “I’ve had in-depth exposure to payShield – the way it’s designed, the layout, the construction, the way that it operates, and it’s a natural choice for Kashing. From many perspectives – especially any involving integrity, availability, scalability and quality of service – Thales inspires me in the design and creation of our own environment.
“I strongly recommend Thales.”
About Thales eSecurity
Thales eSecurity is a leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premises, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.