PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) defines a set of security standards to ensure that companies that accept, process, store or transmit credit/debit card information maintain a secure environment and protect cardholders against misuse of their personal information. One of the most efficient ways of complying with PCI DSS is to use HSMs.

Utimaco compliance

The Payment Card Industry Security Standards Council (PCI SSC) is a joint initiative by the major payment card brands across the world (Visa, MasterCard, American Express, Discover and JCB). It was launched on September 7, 2006 to manage the evolution and security of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process. Note that the acquirers and payment brands, not the PCI Council, are responsible for enforcing regulatory compliance.

PCI Data Security Standard (PCI DSS)

The PCI DSS is an overarching standard that applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational components that are included in or connected to the systems that touch cardholder data. If you accept or process payment cards in any shape or form, you must follow the standards defined in PCI DSS.

PIN Transaction Security (PTS) Requirements

The PCI PTS is a set of security requirements that applies to manufacturers of devices used for payment card financial transactions. Manufacturers must follow these requirements in the design, manufacture and transport of a device to the entity that implements it. Financial institutions, processors, merchants and service providers should only use devices or components that are tested and approved by the PCI SSC.

Payment Application Data Security Standard (PA-DSS)

The PA-DSS is for software vendors and others who develop payment applications that store, process or transmit cardholder data and/or sensitive authentication data. Most card brands encourage merchants to use payment applications that are tested and approved by the PCI SSC.


Hardware Security Module (HSM) and PCI

All payment HSM vendors must comply with the standards defined in PCI PTS HSM to be able to design a compliant and secure Hardware Security Module and process payment transactions. A PCI PTS certified HSM is the key to allowing its users to achieve PCI DSS compliance.

The PCI PTS HSM standards are categorized into two sections, Physical and Logical Security. Some of the requirements that define the physical security of the HSM are derived from requirements in Federal Information Processing Standard 140-2 (FIPS 140-2). The certification ensures an active tamper response mechanism that zeroizes secret and private keys during penetration and side-channel attacks.

The PCI HSM standard covers the lifecycle of the HSM up to the point of its first delivery to the facility of initial deployment. Subsequent stages of the HSM’s lifecycle continue to be of interest to PCI and are controlled by other PCI standards.

The PCI HSM security requirements are derived from existing ISO, ANSI, and NIST standards, and from accepted/known good practice recognized by the financial payments industry. The requirements are classified in four different Evaluation Domains:

  • Evaluation Module 1 – This module defines core security requirements including Physical and Logical security of the HSM along with policies and procedures that must be followed.
  • Evaluation Module 2 – This module defines Key-Loading procedures and devices used to load keys in the HSM.
  • Evaluation Module 3 – This module covers the remote administration aspect of the HSM.
  • Evaluation Module 4 – This module covers device security requirements during manufacturing and between manufacturer and point of initial deployment.

Utimaco HSMs and PCI Compliance

The Utimaco HSMs are designed on the basic principles defined by the PCI Council, ISO, NIST and ANSI. This includes:

Atalla AT1000

The Utimaco Atalla HSM is a NextGen PCI PTS HSM v3.0 and FIPS 140-2 Level 3 certified payments HSM designed to protect customer sensitive data, perform cardholder authentication, and manage the cryptographic keys used in ecommerce retail payment transactions.


PaymentServer

Utimaco PaymentServer is a PCI PTS HSM v3.0 and FIPS 140-2 Level 3 certified payments Hardware Security Module designed for card personalization and OEM opportunities.

Utimaco

© 2021