Thales payShield 9000
The next generation Hardware Security Module for payment security systems
payShield 9000 is the world’s first HSM specifically designed to secure payment systems that offers dual power supplies, supporting the resiliency needs of high-capacity shared infrastructures in mission-critical security systems within modern data centers.
It also supports the growth in global transaction volumes with a range of cryptographic performance options including the highest performance figures in the industry – processing up to 1,500 transactions per second (TPS).
Designed to meet the financial industry’s security audit requirements, including FIPS 140-2 Level 3 and the latest PCI HSM standard, payShield 9000 is the ideal choice for card schemes acquirers, processors and issuers for both the issuing and processing of all types of magnetic stripe and chip cards (EMV).
Thales's HSM technology protects ATM, POS, corporate banking, card issuing, funds transfer and share dealing technology worldwide. It has already been adopted by every major card scheme and is currently protecting 70 percent of the world's card transactions.
Thales payShield 9000 has the following benefits:
- Integrates with all leading transaction software
- Comprehensive range of software packages tailored for issuers, processors and acquirers
- Backwards compatible with HSM 8000
- Wide range of protocols/connections to connect to all types of host system
payShield 9000 has the following features:
Protecting Payment Transactions
Designed specifically to meet the needs of the payment industry with cryptographic support for the issuance of payment cards and the switching and authorisation of transactions.
High Resilience and Availability
Range of hardware and software features including dual power supplies enable continuous data center operation in the event of failure.
Comprehensive Security Optimized for Payments
Designed specifically to meet the needs of the payment industry with a feature-rich set of cryptographic functions covering all aspects of transaction processing and card issuing.
Scalable Remote Management
Enables a single security team from a single location to manage multiple payShield 9000 devices across multiple data centres without the need for travel.
Range of software packages tailored for, processors and acquirers helping to lower the cost of ownership.
Proven Payment Application Integration
Comprehensive off-the-shelf support for all major payment applications in use globally.
Flexible Upgrade Options
Range of individual software licence options together with a software customisation service designed to complement the standard software package options.
- Multiple Local Master Keys (LMKs) for secure storage and distribution of keys providing comprehensive separation of key types, applications or customer data as required
- Known test LMK for use in non-production environments
- Thales Key Block support (superset of ANSI X9.24)
- X9 TR-31 Key Block support
- RSA public key
- DUKPT (DES and Triple-DES)
- Master/Session Key
- Racal Transaction Key
- AS2805 Key (DES and Triple-DES)
- DES and Triple-DES (two and three key)
- RSA (up to 2048 bits)
- AES and ECC via software upgrade
- Range of performance models up to 1500 Triple-DES PIN block translates/second using key blocks
- Multi-threading to exploit full performance capability
- Clustering option in conjunction with Thales Security Resource Manager (SRM)
- Asynchronous (v.24, RS-232)
- TCP/IP and UDP (10/100/1000 Base-T) – dual ports for resilience
- FICON (future factory fitted option)
- Thales Secure Processing Platform (TSPP) certified to FIPS 140-2 Level 3
- payShield 9000 MEPS, APCA and PCI HSM certifications in progress
Financial Industry Standards
- American Express/Mastercard/Visa PIN and card verification functions
- EMV 3.x and 4.x transactions and messaging (including PIN change)
- Remote key loading to NCR, Diebold and Wincor-Nixdorf ATMs
- Europay Security Platform (MasterCard stand-in processing)
- Integration with all major payment authorisation and transaction switching applications
- Console interface for ‘dumb’ terminals
- Graphical user interface (GUI) option for standard PC hardware over Ethernet – local and remote modes supported
- Ability to manage clusters of payShield 9000 devices via external Thales Security Resource Manager (SRM)
- Two factor authentication of operators using smart cards
- Dual physical locks or smart cards control setting of modes
- Tamper resistance designed to exceed requirements of FIPS 140-2 Level 3
- Detection of removal of covers
- Multiple alarm triggers for motion, voltage and temperature
- Device ‘hardening’ – ability to disable functions not required by the host application
- Form factor: 2U 19” rack mount
- Weight: 7.3 kg (7.5 kg with second power supply unit fitted)
- Voltage: 100 to 240V AC Universal input
- Power consumption : 100W (maximum)
- Operating temperature: 10 to 40 deg C
- Humidity: 10% to 90% (non-condensing)