Explanation of HSM, Tokenization Appliances And Their Cooperation

There are a lot of features which credit card processing software should possess; fraud protection is one of them especially taking into account the increasing level of fraud. Consequently, new and new solutions are emerging to cope with this problem, for instance, credit card data encryption methods: HSM (hardware security module) and a tokenization appliance. These two methods are often mixed up and sometimes it is thought that they can replace each other, but actually they should be used together.

HSM is a hardware device which protects and manages digital keys for strong authentication and provides crypto-processing. HSM performs the following functions: encryption/decryption of card numbers, card PINs decryption, EMV cryptogram and card security code verification, etc. HSM encrypts the data and generates the token but it does not store the data that’s why this device is not able to decrypt the data without a tokenization appliance. On the other hand a tokenization appliance always uses HMS and implements some logic on the top of it which is in charge for interaction with an HMS through API, encryption of the card number and token creation, encryption keys tracking and rotation, tokens decryption.

Credit card processing companies are often interested in information on how to implement these solutions. They can buy both of them HSM and a tokenization appliance, buy HSM and license tokenization appliance or buy HSM and develop their own vault software. Everything is going to depend on the budget available and your resources.

Some more details on these two solutions which are going to be useful for credit card processing services are provided in the new article published at #UniPayGateway.

You can also visit our Payment Advice Portal Paylosophy where a lot of articles describing different payment issues are available.