Page 26 - GS220701
Cover Story
Public, private key management

Adam Cason, vice president, global and strategic alliances at Futurex, has seen cryptography in payments, healthcare and the Internet of Things. "Here at Futurex, we focus on the payments side of things; at least 50 percent of our business is in the payments space, where cryptography is used for things like PIN validation at the point of sale," he said.

POS devices use symmetric cryptography and private keys to encrypt a customer's PIN, card number and identifying information at point of capture, Cason stated. Encrypted data travels through a payment gateway and a variety of network and processor hops until it arrives at a card issuer, bank or payment branch, and each of those steps involves cryptography. "Symmetric cryptography could be Triple DES and AES algorithms that are used for PIN translation or PIN encryption," Cason said, adding the payments industry has historically used Triple DES.

Alternatively, Cason noted, PKI's asymmetric cryptography uses RSA and ECC elliptic curve algorithms to establish secure connections among multiple remote endpoints. ATMs, for example, share public keys, he said. If you're a Bank of America cardholder withdrawing funds from a Chase Bank ATM, the way that happens is underpinned by cryptography. Chase and Bank of America share what's called a key exchange. When you enter your PIN in a Bank of America ATM, they never know what your PIN is because it's automatically encrypted right there at the point of capture and taken to a hardware security module (HSM), where it's decrypted and translated to a key that Chase owns.

HSM evolution

Describing HSMs as "purpose-built, tamper-evident, responsive devices that securely process cryptographic operations," Cason noted HSMs were initially deployed on-premises to provide a secure environment for digital signing and encrypting, decrypting and translating data. Today, he stated, hybrid and cloud-based HSM models are backed by physical HSMs.

Cason further noted that the industry's migration to cloud services began in earnest in 2010 and 2011, but a lack of suitable cloud payment HSMs created a roadblock for companies trying to integrate with leading cloud service providers like AWS, Azure and Google. Virtual access points (VAPs) have solved for this need, he stated.

"Organizations had to figure out where they were going to host their payment applications," Cason said. "Some took a hybrid, multi-cloud approach with diversified vendors, such as AWS and Azure. From there, it was simply a matter of spinning up a virtual access point or VAP."

Cason pointed out that VAPs are a timely solution, both for legacy providers and born-in-the-cloud fintech startups. In fact, he added, a lot of fintechs don't even have offices and work remotely with staff all over the world. "Imagine telling a digital native that has everything in the cloud to get a data center where they can rack HSMs and send staff to manage them," he said. "You'd get laughed out of the room. Cloud payment HSMs are perfect for fintechs and neobanks."
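The PIN translation Cason describes under "Public, private key management" can be sketched in Go. This is an added example, not code from the article or from Futurex: it assumes ISO 9564 format 0 PIN blocks and Triple DES zone keys, and the key strings, PIN, PAN and the function names pinBlock0, zoneKey and translate are constructed for illustration.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// pinBlock0 builds a clear ISO 9564 format 0 block: the PIN field XORed with
// the PAN field (0000 + rightmost 12 PAN digits, check digit excluded).
func pinBlock0(pin, pan string) ([]byte, error) {
	if len(pin) < 4 || len(pin) > 12 || len(pan) < 13 {
		return nil, fmt.Errorf("unsupported PIN or PAN length")
	}
	pinField := fmt.Sprintf("0%X%s%s", len(pin), pin, strings.Repeat("F", 14-len(pin)))
	a, errA := hex.DecodeString(pinField)
	b, errB := hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
	if errA != nil || errB != nil {
		return nil, fmt.Errorf("PIN or PAN contains non-hex characters")
	}
	for i := range a {
		a[i] ^= b[i]
	}
	return a, nil
}

// zoneKey wraps a constructed 24-byte sample key as a Triple DES cipher.
func zoneKey(key string) cipher.Block {
	c, err := des.NewTripleDESCipher([]byte(key))
	if err != nil {
		panic(err)
	}
	return c
}

// translate models the HSM step: the clear block exists only inside this call.
func translate(in []byte, from, to cipher.Block) []byte {
	block := make([]byte, des.BlockSize)
	from.Decrypt(block, in)  // decrypt under the incoming zone key
	to.Encrypt(block, block) // re-encrypt under the outgoing zone key
	return block
}

func main() {
	acquirer, issuer := zoneKey("ACQUIRER-ZONE-KEY-24byte"), zoneKey("ISSUER-ZONE-KEY-24-bytes")
	atATM, _ := pinBlock0("1234", "4000001234567899")
	acquirer.Encrypt(atATM, atATM) // encrypted at the point of capture
	fmt.Printf("acquirer: %X\nissuer:   %X\n", atATM, translate(atATM, acquirer, issuer))
}
```

In production the decrypt and re-encrypt run inside the HSM, so the host application only ever handles the two ciphertexts.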
HSM expansion

The State of Cyber and Digital Security, a white paper published by ABI Research in May 2022, revealed that HSMs are finding their way into new markets, creating new revenue opportunities for fintechs, IoT manufacturers and cloud security providers.

"New market opportunities mean increased competition; incumbents have to respond quickly to the innovation presented by new entrants," ABI researchers wrote, urging HSM OEMs to bring innovation "to the underlying foundation on which [HSMs] are built and which cannot be easily replicated by new entrants like hyperscalers and cloud providers, i.e., implementation of cryptographic algorithms and development of internal security architecture."

Perella has seen an uptick in outsourced HSMs and key management, which he noted are better suited for small