PCI compliance standards defined as a set of operational and technological standards for organizations accepting or processing payment transactions that developed by the PCI (Payment Card Industry) Security Standards Council. The main aim is to ensure payment security that is vital and critical for financial institutions (FI), merchants, and other organizations that store, process, or transmit cardholder payment data.
Although the PCI Council does not have the authority to enforce compliance with its standards, it is progressively enforced by the payment card brands such as Visa, MasterCard, American Express, etc.
PCI standards are developed in collaboration with payment card firms and the PCI Security Standards Council. The initial standards they created were PCI Data Security Standard (PCI-DSS) and other standards were established throughout time, and PCI-HSM is one of the most recent. Furthermore, several of the standards have been updated over time to strengthen security requirements and make previously optional criteria mandatory.
Therefore, compliance with the PCI-HSM (Hardware Security Module) standard is becoming increasingly crucial and makes your system more reliable. As a result, it is extremely valuable for consumers, especially those operating in the banking and financial industries.
Chronologically, PCI PIN Transaction Security (PTS) HSM started with version 1.0 which was released in April 2009. The updated version 2.0 was released in May 2012 and the penultimate version 3.0 was released in June 2016 and the most recent version 4.0 “add new module Cloud-based HSMs as a Service – Multi-tenant Usage Security Requirements” was released in December 2021.
Within this scope, as stated in the chronology, PCI PTS HSM version 4.0 is the most recent version, and businesses have started to work on developing version 4.0 compliant HSMs that are essential for security and legal compliance.
Compliance with PCI PTS HSM certification depends on meeting logical and physical standards that include strict sets of security requirements and a rigorous process.
The device's physical security features are those that help prevent a physical attack on the device, such as tamper-detection and response mechanisms, sensitive data protection within the device, prevention of sensitive information leakage through the use of external monitoring techniques, and protection of cryptographic keys within the device even if the security border is breached. On the other hand, logical security characteristics include, but are not limited to, adaptability to unusual command sequences or operating modes, strong authentication, secure key management to avoid abuse and cleartext disclosure of sensitive data and PINs, management of secure firmware, etc.
ProCrypt HSM has already been granted PCI HSM 3.0 certified after passing through a stringent procedure and a stringent set of security standards, and now in testing phase for the latest version PCI PTS HSM 4.0, which we will proudly announce very soon.