
The PCI PTS HSM v1 expires – Guidelines for the Transition Towards v3

November 09, 2020

Corporate organizations and banks have expanded their businesses around the world through e-commerce, which is secured by services such as encryption, decryption and strong authentication between identities and applications. The main cryptographic security control for protecting business transactions is the Hardware Security Module (HSM).

Enterprises deploy HSMs to protect clients and business transactions. An HSM is designed specifically to guard a cryptographic key at every phase of its lifecycle, and it provides logical and physical protection of keys against adversaries and unauthorized use. The importance of the HSM can be understood from the fact that its deployment is a mandatory requirement for PCI DSS validation. This article covers the expiry of version 1.0 of the PCI PTS HSM validation and the latest available version of the standard, 3.0.

PCI SSC & PCI DSS

PCI SSC (Payment Card Industry Security Standards Council) is a governing body established in September 2006 as a joint venture by MasterCard, American Express, Visa, JCB International and Discover Financial Services. Its mandate is managing development within PCI and aligning companies’ policies with PCI DSS (Payment Card Industry Data Security Standard), an information security standard intended to prevent credit card scams and numerous other security threats and vulnerabilities. Credit and debit card providers such as MasterCard and Visa implement the mechanisms and security controls specified and suggested in PCI DSS. Entities that store, process and transmit card information also implement PCI DSS.

PCI PTS and Validation of HSMs

Since HSMs are the most vital component responsible for the confidentiality and/or integrity of business transaction data, the security of the whole business is at stake if an HSM is compromised. PCI SSC has published requirements covering the entire HSM lifecycle (manufacturing, delivery, usage, and decommissioning) that HSM vendors should conform to, referred to as the PCI PTS (PIN Transaction Security) HSM “Modular Security Requirements”.

PCI PTS are operational/technical security requirements for the protection of cardholder data. All organizations that store, process or transmit cardholder data must comply with this standard. The main intent of these requirements is not to eliminate the possibility of business fraud, but to diminish its probability and limit its significance.

It lists all the security requirements against which an HSM is evaluated in order to obtain PCI PTS HSM device accreditation/approval. HSMs support a variety of applications such as cardholder authentication, payment processing and cryptographic key management.

Expiry of PCI PTS HSM Version 1.0

PCI PTS HSM version 1.0 was released in April 2009, and various HSMs and cryptographic modules were validated against this standard. However, PCI SSC issued a notice to the general public stating that the approval of devices validated against PCI PTS HSM version 1.0 expired on 30 April 2019.

Because these HSM validations were carried out against the very old version 1.0 of PCI PTS HSM, the devices may not be able to withstand the latest generations of attacks and should therefore be replaced, as soon as feasible, by HSMs validated against the latest standard.

The PCI SSC website maintains the list of approved PTS devices, and the obsolete devices have been removed from that list.

PCI SSC has also recommended that financial institutions, merchants, vendors (every point where HSMs are manufactured or used) and users of PTS HSM v1.0 devices coordinate with their support for the provisioning of the latest approved HSM models.

PCI PTS HSM Version 3.0

PCI PTS HSM version 3.0 is the latest standard, released in June 2016. It sets out the following domains for PCI PTS HSM requirements and validation:

  1. PIN processing
  2. Card verification
  3. 3-D Secure
  4. EFTPOS
  5. Card production and personalization
  6. ATM interchange
  7. Data integrity
  8. Cash-card reloading
  9. Key generation
  10. Chip-card transaction processing
  11. Key injection

Since their inception, these requirements have been used as the minimum acceptable criteria, because PCI defined them using a risk-reduction methodology that identifies the associated benefit when measured against acceptable costs to design and manufacture HSM devices. All the specified requirements are derived from current ANSI, ISO and NIST standards that are already known and accepted as best practices by the financial payments industry.

