CRYPTOGRAPHIC INFRA SERVICES
PAYMENT & DATA PROTECTION SOLUTIONS
Ensuring that the security backbone of business is delivered in a seamless, efficient and dependable manner
Ensuring that the security backbone of business is delivered in a seamless, efficient and dependable manner
Encryption is at the Core of Modern Life and at VERISEC we build and deliver services used by Banks, Governments and other types of organizations to protect their data, transactions and online communications.
To meet our Customers' evolving requirements for new business and delivery models, we have made the transition from a product-based, to a Services-first company.
Our Services portfolio ranges from highly specialized Support & Maintenance for our customers' encryption infrastructure, Key Management as a Service and Fully Managed Infrastructure services. And from 2023, we also offer our own Cloud Payment HSM Service, called VERISEC | 10XPAY, so that Banking and Payment processing customers can enjoy a fully outsourced Payment-Encryption-As-a-Service Infrastructure, compliant with all relevant industry standards, to be used to secure payments, as well as other related Encryption Services.
The surge in Data Breaches and more strict regulations make encrypting databases, file servers and other data repositories an urgent requirement for many organizations.
Secure validation for Card, Mobile and other emerging payment technologies, in line with most relevant regulations, such as PCI, to prevent fraud and cybercrime.
The digitalization of many legal and fiscal processes often require integrity checks and digital signatures that rely on secure Encryption functionality.
The confidentiality and integrity of communications across insecure networks like the Internet, relies on Encryption that is anchored on secure hardware.
ON PREMISES
For organisations that choose to have their Encryption infrastructure on their own Datacenter or that of a current hosting partner, VERISEC offers equipment from the leading Encryption vendors, delivered standalone or as part of a service-based model, with no Capex costs and including installation & setup, advanced maintenance and monitoring, among other functionality. With a dedicated specialist team, 24x7 monitoring and assistance and same-day Hardware replacements. Our specialist team can also assist with the infrastructure setup so that all relevant regulations are fulfilled.
IN THE CLOUD
With all kinds of technologies moving to a Cloud model in order to reap all the benefits in scalability, reliability, and cost flexibility, among others. Encryption Infrastructure like HSMs are no exception, even though they do require some special conditions like secure key management and low latency response. VERISEC’s leading Encryption Partners offer General HSM Cloud solutions of various kinds and at Verisec we have developed our own Cloud Payment HSM service VERISEC | 10XPAY that fulfills all the Performance, Security and Resilience requirements, while still being compatible with relevant regulations, such as PCI DSS.
Installation & Setup
Encryption Infrastructure, such as Hardware Security Modules (HSMs), require very precise processes for their installation and setup, with some procedures being able to be performed remotely and others requiring onsite presence. Local Master and Working Key Loading, KeyBlock and partition variable definitions, among other tasks, need to be performed by specialist so they can abide with security best practices and in line with relevant regulations, such as PCI. VERISEC’s team has plenty of experience performing these tasks, which also includes remote monitoring and management schemes.
Planned Maintenance
Encryption Infrastructure is highly critical for many organizations’ 24/7 operations and any outage can have severe consequences. Lack of maintenance can often lead to outages but in such critical environments, maintenance windows are hard to come by. VERISEC’s experienced staff can develop a detailed and personalized plan of preventive maintenance for our customers, which allows the reduction of planned downtime to a minimum, while mitigating the risk of any outage, using tried and tested strategies, specialist tools and spare equipment when needed.
Advanced Support
Beyond the standard support provided by most Encryption equipment manufacturers, VERISEC offers a range of extra benefits such as same-day onsite assistance and 4-hour hardware replacement in most of the markets we operate. This on top of the regular and premium support, which includes follow-the-sun 24x7x365 capabilities from our team of specialist engineers. Also, VERISEC’s horizontal support organization allows experienced and highly skilled staff to be assigned to solve critical support events right away, without convoluted support hierarchies and escalation processes that can lead to longer response times.
Migration Assistance
From time to time, Encryption Infrastructure needs to be replaced by newer versions from the same manufacturer, or also other formats such as Software and Cloud-based alternatives. Or even sometimes to schemes from a different manufacturer. Some migrations also involve key protection elements, such as Keyblock standards. Most of these migrations require the transfer of configurations and more importantly of multiple types of keys, including Local Master Keys. This often involves complex processes. VERISEC’s experienced staff has performed many of these migrations for our customers, using specialist tools and strategies, gathered through many years of experience.
Key Management
Keys are the core of Cryptography and handling them in critical application environments can be a very complex undertaking: they need to be generated, rotated and imported/exported in a secure way, with processes involving multiple key custodians and key ceremonies. And a lot of different regulations are involved too. VERISEC can assist organizations that have up to a large number of keys to reduce the burden of Key Management processes by using specialist proprietary technologies and automation, as well as a plethora of experience with complex key management processes.
Infrastructure Health Check
Critical Encryption infrastructure, such as Hardware Security Modules (HSMs), cannot tolerate outages that can lead to hefty operational and financial losses. VERISEC’s specialist staff can visit a customer site & review the customers infrastructure for things like configuration settings, firmware versions, application logs, check the operational procedures to ensure they are being updated & followed correctly, verify that LMK cards & back up cards are accounted for & working. From this a report can then be provided back to the customer with recommendations.
Training and Knowledge transfer
VERISEC offers an overview of the Payment industry & then a specific manufacturer´s product line. This training is tailored to suit the customer requirements related to the payment products they consume and how they use it in their environment, whilst still covering off the industry requirements around key handling, basic procedures & application integration. VERISEC also offers Custodian training: what is expected of them as related to key material. This training covers things like keys & component management, processes they should follow, what to do if a compromise is suspected, among other matters.
Documentation
Regulations related to Encryption infrastructure often require a vast amount of detailed documentation, that needs to be developed and maintain in order to obtain and maintain the relevant certifications required to operate in various encryption-related markets. VERISEC’s specialist team can provide a set of operational documentation and adapt them to a specific customer’s scenarios, in order to meet regulations such as PCI DSS. These documents range from HSM Management policies, all the way to Key Management procedures, including Key lifetime management and KeyBlock migrations.
General purpose HSMs enable companies to add hardware security to critical applications such as PKIs, databases and web- and application servers. The use of standardized cryptographic interfaces makes either vendor’s general purpose HSM ranges easy to integrate with Microsoft Certificate Services (PKI), Entrust Authority Security Manager, RSA Certificate Manager, Oracle Database, Microsoft SQL Server, and several other applications.
Thales HSMs have long been a standard within the payment industry, and with more than 25 years of experience the company has reached a market leading position. The numbers speak for themselves: Thales payShield HSMs protect 80 percent of all card transactions in the world.
nShield hardware security modules (HSMs) provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption, HSM key management and more. nShield hardware security modules are available in three FIPS 2-140 certified form factors such as network, PCI Express and USB depending on needs and requirements supporting a variety of deployment scenarios.
Network attached nShield Connect HSMs provide shared services to multiple hosts, balancing workload and providing high availability.
Embedding nShield Solo HSM within a host application server delivers dedicated performance and provides a tight binding between application and keys within the security module.
The highly portable, direct USB attached nShield Edge HSMs suit scenarios where it is assigned to individual developers or used for off-line key generation. It is ideal for cryptographic key generation in Bring Your Own Key (BYOK) cloud deployments.
As of April 2019 nCipher is part of Entrust. Read more in the link below.
>>> Entrust Datacard completes purchase of nCipher Security from Thales
Thales has announced the end of sales and support for previous generation nShield Solo & Connect (non+) models. End of Sales was December 31st, 2015 and end of support December 31st, 2018. For more information regarding the Eos plans, please click on the link below.
>>> End of support for previous generation nShield Solo & Connect (non+) models
Thales is a leading provider of general purpose hardware security modules (HSMs) worldwide. The Thales Luna HSM product family represents one the highest-performing, most secure, and easiest-to-integrate HSM solution available on the market today.
Luna HSM are available in multiple form factors such as network, PCI Express and USB depending on needs and requirements.
Luna HSMs are purposefully designed to provide a balance of security, high performance, and usability that makes them an ideal choice for enterprise, financial, and government organizations.
For further information regarding Thales general purpose HSMs, visit Thales website.
payShield 10K is an HSM designed to meet the needs and requirements of the payment industry. It’s the fifth generation of payment HSMs from Thales eSecurity and replaces the now end of sales payShield 9000. It performs tasks such as PIN protection and validation, transaction processing, key management and payment card issuance – capable of handling both chip cards (EMVs) and magnetic stripe cards. It delivers high assurance protection for ATMs, POS terminals and credit card transactions, while providing operational ease.
payShield 10K also supports the growth in global transaction volumes with a range of cryptographic performance options, including the highest performance figures in the industry – processing up to 10 000 calculations per second (CPS).
For more information on payShield 10K, please visit the Thales product page.
Thales announces product End of Life notice for payShield 9000
The last time to buy on hardware is 30th June 2020 and the
end-of-life for support will be 31st December 2022.
Key Dates:
No new orders for payShield 9000 hardware will be accepted after 30th June 2020
No new orders for payShield 9000 software customization services will be accepted after 31st December 2021
Accessories, spares and upgrades (packages/optional icenses/performance) can still be ordered until 31st December 2022
Please remember that support on payShield 9000 V2.x software expires on 31st December 2020 (as advised in an October 2017 notice) – migration to V3.x software should be completed before this date
Bug fixes and hardware repairs on base and custom payShield 9000 installations available until 31st December 2022 (subject to a valid maintenance support contract being in place)
Product end-of-life for support purposes on 31st December 2022 for payShield 9000
For further information: Product end of life notice.pdf
