Encryption is at the Core of Modern Life and at VERISEC INTERNATIONAL we build and deliver services used by Banks, Governments and other types of organizations to protect their data, transactions and online communications.
To meet our Customers' evolving requirements for new business and delivery models, we have made the transition from a product-based to a Services-first company.
Our Services portfolio ranges from highly specialized Support & Maintenance for our customers' encryption infrastructure, Key Management as a Service and Fully Managed Infrastructure services. And coming up (in 2022) we will offer our Banking and Payment processing customers a fully outsourced Cloud Encryption Infrastructure, compliant with relevant industry standards, to be used to secure payments, as well as other related Encryption Services.
Our Encryption Services are mainly applied in the following areas:
The surge in Data Breaches and more strict regulations make encrypting databases, file servers and other data repositories an urgent requirement for many organizations.
Secure validation for Card, Mobile and other emerging payment technologies, in line with most relevant regulations, such as PCI, to prevent fraud and cybercrime.
The digitalization of many legal and fiscal processes often requires integrity checks and digital signatures that rely on secure Encryption functionality.
The confidentiality and integrity of communications across insecure networks like the Internet rely on Encryption that is anchored on secure hardware.
AN ACCELERATED REVOLUTION IN DIGITAL PAYMENTS
Payments are going through a revolution in most parts of the world. The Pandemic has fast-forwarded the adoption of all kinds of new digital payment schemes, while the use of traditional payment methods, such as debit/credit cards and electronic transfers, has continued to expand at an accelerated pace, fueled partly by the explosion in e-commerce transactions. Electronic wallets, dedicated payment Applications and P2P payment platforms, among others, have also seen their number of users and transactions grow exponentially. The era of cash could finally be over in many parts of the world and digital payments have become a central part in the lives of most human beings. And all of this is based around the trust in digital payment schemes.
COMES TOGETHER WITH AN EXPANSION IN DIGITAL FRAUD
Unfortunately, this accelerated expansion in digital payments has come in tandem with an equally expansive growth in the number and type of digital fraud attacks that are seriously affecting the bottom line of many financial and retail organizations of all sizes and, more importantly, eroding the ever more vital trust of many users. Therefore, the Security Infrastructure that underpins Digital Payments must adapt to the technology schemes that accommodate the type of growth needed to deal with this expanded fraud threat, and join the Cloud Computing paradigm that is already powering many other key elements in payment technology.
WITH THE EXPECTED AND REQUIRED ADAPTATION IN REGULATIONS THAT HELP CURB DIGITAL FRAUD
In light of this required paradigm shift, industry regulators are expected to formally approve and certify the first Cloud Computing Service designs for Payment Security infrastructure (Encryption and Key Management) very soon. Until now, this space has consisted strictly of “in-premise deployments”, where each financial institution managed its own payment security infrastructure. However, these new regulations still consider that financial institutions must retain control over their cryptographic key material.
ENTER VERISEC 10XTRUST, SPECIFICALLY DESIGNED FOR THE NEW ERA OF PAYMENT SECURITY
In this new era, Financial institutions require a Cloud Payment Security Infrastructure Service that will require minimum changes to their current application environments, while still delivering high performance with no extra latency, together with advanced AI-powered real-time fraud detection capabilities, all based around a cost model tailored for their on-demand usage needs, with simplified key management processes and full compliance with all relevant standards, such as PCI.
In summary: what is required is a Payment Security Infrastructure platform that can be 10 times more scalable, 10 times more secure, 10 times more flexible and 10 times simpler to use.
This is what we are developing at VERISEC, and we call it VERISEC 10XTRUST.
For organisations that choose to have their Encryption infrastructure in their own Datacenter, VERISEC offers equipment from the leading Encryption vendors, delivered as part of a service model, with no Capex costs and including installation & setup, advanced maintenance and monitoring, among others, with a dedicated specialist team, 24x7 monitoring and assistance and same-day Hardware replacements. Our specialist team can also assist with the infrastructure setup so that all relevant regulations are fulfilled.
IN THE CLOUD
With all kinds of technologies moving to a Cloud model in order to reap all the benefits in scalability, reliability, and cost flexibility, among others, Encryption Infrastructure like HSMs is no exception, even though it does require some special conditions like secure key management and low latency response. VERISEC is developing a CloudHSM environment that fulfills all the Performance, Security and Resilience requirements, while still being compatible with relevant regulations, such as PCI DSS for payments.
Installation & Setup
Encryption Infrastructure, such as Hardware Security Modules (HSMs), requires very precise processes for its installation and setup, with some procedures able to be performed remotely and others requiring onsite presence. Local Master and Working Key Loading, KeyBlock and partition variable definitions, among other tasks, need to be performed by specialists so they abide by security best practices and are in line with relevant regulations, such as PCI. VERISEC’s team has plenty of experience performing these tasks, which also include remote monitoring and management schemes.
Encryption Infrastructure is highly critical for many organizations’ 24/7 operations and any outage can have severe consequences. Lack of maintenance can often lead to outages but in such critical environments, maintenance windows are hard to come by. VERISEC’s experienced staff can develop a detailed and personalized plan of preventive maintenance for our customers, which allows the reduction of planned downtime to a minimum, while mitigating the risk of any outage, using tried and tested strategies, specialist tools and spare equipment when needed.
Beyond the standard support provided by most Encryption equipment manufacturers, VERISEC offers a range of extra benefits such as same-day onsite assistance and 4-hour hardware replacement in most of the markets we operate. This on top of the regular and premium support, which includes follow-the-sun 24x7x365 capabilities from our team of specialist engineers. Also, VERISEC’s horizontal support organization allows experienced and highly skilled staff to be assigned to solve critical support events right away, without convoluted support hierarchies and escalation processes that can lead to longer response times.
From time to time, Encryption Infrastructure needs to be replaced by newer versions from the same manufacturer, by other formats such as Software and Cloud-based alternatives, or sometimes even by schemes from a different manufacturer. Some migrations also involve key protection elements, such as Keyblock standards. Most of these migrations require the transfer of configurations and, more importantly, of multiple types of keys, including Local Master Keys. This often involves complex processes. VERISEC’s experienced staff has performed many of these migrations for our customers, using specialist tools and strategies, gathered through many years of experience.
Keys are the core of Cryptography and handling them in critical application environments can be a very complex undertaking: they need to be generated, rotated and imported/exported in a secure way, with processes involving multiple key custodians and key ceremonies. A lot of different regulations are involved too. VERISEC can assist organizations, including those with a large number of keys, to reduce the burden of Key Management processes by using specialist proprietary technologies and automation, as well as a plethora of experience with complex key management processes.
Infrastructure Health Check
Critical Encryption infrastructure, such as Hardware Security Modules (HSMs), cannot tolerate outages that can lead to hefty operational and financial losses. VERISEC’s specialist staff can visit a customer site & review the customer's infrastructure for things like configuration settings, firmware versions and application logs, check the operational procedures to ensure they are being updated & followed correctly, and verify that LMK cards & backup cards are accounted for & working. From this, a report can then be provided back to the customer with recommendations.
Training and Knowledge transfer
VERISEC offers an overview of the Payment industry & then a specific manufacturer's product line. This training is tailored to suit the customer requirements related to the payment products they consume and how they use them in their environment, whilst still covering off the industry requirements around key handling, basic procedures & application integration. VERISEC also offers Custodian training: what is expected of them as related to key material. This training covers things like keys & component management, processes they should follow, what to do if a compromise is suspected, among other matters.
Regulations related to Encryption infrastructure often require a vast amount of detailed documentation that needs to be developed and maintained in order to obtain and maintain the relevant certifications required to operate in various encryption-related markets. VERISEC’s specialist team can provide a set of operational documentation and adapt it to a specific customer’s scenarios, in order to meet regulations such as PCI DSS. These documents range from HSM Management policies all the way to Key Management procedures, including Key lifetime management and KeyBlock migrations.
General purpose HSMs enable companies to add hardware security to critical applications such as PKIs, databases and web- and application servers. The use of standardized cryptographic interfaces makes either vendor’s general purpose HSM ranges easy to integrate with Microsoft Certificate Services (PKI), Entrust Authority Security Manager, RSA Certificate Manager, Oracle Database, Microsoft SQL Server, and several other applications.
Thales HSMs have long been a standard within the payment industry, and with more than 25 years of experience the company has reached a market leading position. The numbers speak for themselves: Thales payShield HSMs protect 80 percent of all card transactions in the world.
nShield hardware security modules (HSMs) provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption, HSM key management and more. nShield hardware security modules are available in three FIPS 140-2 certified form factors (network, PCI Express and USB), depending on needs and requirements, supporting a variety of deployment scenarios.
Network attached nShield Connect HSMs provide shared services to multiple hosts, balancing workload and providing high availability.
Embedding nShield Solo HSM within a host application server delivers dedicated performance and provides a tight binding between application and keys within the security module.
The highly portable, direct USB attached nShield Edge HSMs suit scenarios where they are assigned to individual developers or used for off-line key generation. They are ideal for cryptographic key generation in Bring Your Own Key (BYOK) cloud deployments.
As of April 2019 nCipher is part of Entrust. Read more in the link below.
>>> Entrust Datacard completes purchase of nCipher Security from Thales
Thales has announced the end of sales and support for previous generation nShield Solo & Connect (non+) models. End of Sales was December 31st, 2015 and end of support December 31st, 2018. For more information regarding the EoS plans, please click on the link below.
>>> End of support for previous generation nShield Solo & Connect (non+) models
Thales is a leading provider of general purpose hardware security modules (HSMs) worldwide. The Thales Luna HSM product family represents one of the highest-performing, most secure, and easiest-to-integrate HSM solutions available on the market today.
Luna HSMs are available in multiple form factors such as network, PCI Express and USB, depending on needs and requirements.
Luna HSMs are purposefully designed to provide a balance of security, high performance, and usability that makes them an ideal choice for enterprise, financial, and government organizations.
For further information regarding Thales general purpose HSMs, visit the Thales website.
payShield 10K is an HSM designed to meet the needs and requirements of the payment industry. It’s the fifth generation of payment HSMs from Thales eSecurity and replaces the now end of sales payShield 9000. It performs tasks such as PIN protection and validation, transaction processing, key management and payment card issuance – capable of handling both chip cards (EMVs) and magnetic stripe cards. It delivers high assurance protection for ATMs, POS terminals and credit card transactions, while providing operational ease.
payShield 10K also supports the growth in global transaction volumes with a range of cryptographic performance options, including the highest performance figures in the industry – processing up to 10 000 calculations per second (CPS).
For more information on payShield 10K, please visit the Thales product page.
Thales announces product End of Life notice for payShield 9000
The last time to buy on hardware is 30th June 2020 and the end-of-life for support will be 31st December 2022.
No new orders for payShield 9000 hardware will be accepted after 30th June 2020
No new orders for payShield 9000 software customization services will be accepted after 31st December 2021
Accessories, spares and upgrades (packages/optional licenses/performance) can still be ordered until 31st December 2022
Please remember that support on payShield 9000 V2.x software expires on 31st December 2020 (as advised in an October 2017 notice) – migration to V3.x software should be completed before this date
Bug fixes and hardware repairs on base and custom payShield 9000 installations available until 31st December 2022 (subject to a valid maintenance support contract being in place)
Product end-of-life for support purposes on 31st December 2022 for payShield 9000
For further information: Product end of life notice.pdf
Acquisition and/or replacement of Specialist Encryption Infrastructure often involves considerable CAPEX investments from organizations, and this sometimes limits the capabilities and the amount of equipment that an organization can acquire at a time, which can in turn hamper the application of best practice principles such as having equipment available at disaster recovery sites and running multiple test environments, to give a couple of examples. In order to alleviate this VERISEC has partnered with some leading financial institutions to offer our customers accessible leasing and subscription-based schemes, with monthly, quarterly or yearly payments so they can have their ideal Encryption Infrastructure setup, regardless of initial CAPEX costs and within an OPEX-based model.