PCI PIN Transaction Security (PTS) HSM v3 Requirements

November 09, 2020

Hardware Security Modules (HSMs) are a critical component in assuring the integrity and confidentiality of business transactions. Corporate organizations and banks rely on security services such as encryption, decryption and strong authentication between identities and applications.

Enterprises deploy HSMs to protect confidential business communication. The security of an HSM must be ensured across its complete lifecycle: product development, consignment, deployment and decommissioning. Because HSMs are the component most responsible for the confidentiality and integrity of business transactions, the security of the entire business is at stake if an HSM is compromised.

The PCI PTS (PIN Transaction Security) HSM v3 standard sets out the core security aspects of every stage of the HSM lifecycle. All HSM vendors must comply with these security requirements and guidelines, which are mandatory for obtaining PCI PTS HSM device approval.

A Little about PCI SSC & PCI DSS

PCI SSC (Payment Card Industry Security Standards Council) is a governing body established in September 2006 as a joint venture by MasterCard, American Express, Visa, JCB International and Discover Financial Services. Its mandate is to manage the development of the PCI standards and the alignment of companies' policies with PCI DSS (Payment Card Industry Data Security Standard), an information security standard intended to prevent credit card fraud and numerous other security threats and vulnerabilities. Credit and debit card processors such as MasterCard and Visa implement the mechanisms and security controls specified or suggested in PCI DSS. Entities that store, process and transmit card information are required to follow PCI DSS.

PCI PTS HSM Version 3.0

PCI PTS HSM version 3.0 is the latest standard and was released in June 2016. It sets out requirements for HSMs across their whole lifecycle (manufacturing, delivery, usage and decommissioning) that HSM vendors should comply with, referred to as the PCI PTS (PIN Transaction Security) HSM “Modular Security Requirements”. PCI PTS requirements are operational and technical security requirements for the protection of cardholder data, along with cardholder authentication, payment processing, cryptographic key management and so on. The principal goal of these requirements is not to eliminate the possibility of business fraud, but to reduce its likelihood and limit its consequences. All HSM vendors and applications that store, process or transmit cardholder data must comply with this standard. The PCI PTS HSM (v1 – v3) requirements deal with the following HSM features:

  • PIN processing
  • Card verification
  • 3-D Secure
  • EFTPOS
  • Card production and personalization
  • ATM interchange
  • Data integrity
  • Cash-card reloading
  • Key generation
  • Chip-card transaction processing
  • Key injection

Evaluation Modules of PCI PTS HSM v3

PCI PTS HSM v3 presents four evaluation modules for HSM validation, each with its own requirements. These requirements serve as the minimum acceptable criteria because the PCI has defined them using a risk-reduction methodology that identifies the associated benefit when measured against acceptable costs to design and manufacture HSM devices. All the specified requirements are derived from current ANSI, ISO and NIST standards, which are already accepted as best practices by the financial payments industry. Once an HSM is approved by the PCI against the above-mentioned requirements, it is listed on their website.

[Image: PCI HSM requirements table]

Conclusion

This article discusses the guidance and direction for appropriately designing HSMs to meet the security needs for the protection of HSMs from the manufacturing phase to initial deployment. The standard is divided into four evaluation modules: core requirements, key-loading devices, remote administration and device management security requirements. These requirements are the minimum acceptable criteria for PCI PTS HSM version 3 certification.
