We are very excited to announce the overall availability of Azure Payment HSM, a BareMetal Infrastructure as a service (IaaS) that allows clients to have native entry to cost HSM within the Azure cloud. With Azure Payment HSM, clients can seamlessly migrate PCI workloads to Azure and meet essentially the most stringent safety, audit compliance, low latency, and high-performance necessities wanted by the Payment Card Industry (PCI).
Azure Payment HSM service empowers service suppliers and monetary establishments to speed up their cost system’s digital transformation technique and undertake the general public cloud.
 |
“Payment HSM help within the public cloud is among the most important hurdles to beat in shifting cost techniques to the general public cloud. While there are various totally different options, none can meet the stringent necessities required for a cost system. Microsoft, working with Thales, stepped as much as present a cost HSM answer that might meet the modernization ambitions of ACI Worldwide’s know-how platform. It has been a pleasure working with each groups to carry this answer to actuality.”
—Timothy White, Chief Architect, Retail Payments and Cloud |
Service overview
Azure Payment HSM answer is delivered utilizing Thales payShield 10K Payment HSM, which presents single-tenant HSMs and full distant administration capabilities. The service is designed to allow complete buyer management with strict position and information separation between Microsoft and the shopper. HSMs are provisioned and linked on to the shopper’s digital community, and the HSMs are beneath the shopper’s sole administration management. Once allotted, Microsoft’s administrative entry is restricted to “Operator” mode and full duty for configuration and upkeep of the HSM and software program falls upon the shopper. When the HSM is not required and the system is returned to Microsoft, buyer information is erased to make sure privateness and safety. The answer comes with Thales payShield premium package deal license and enhanced help Plan, with a direct relationship between the shopper and Thales.
Figure 1: After HSM is provisioned, HSM system is linked on to a buyer’s digital community with full distant HSM administration capabilities by Thales payShield Manager and TMD.
The buyer can rapidly add extra HSM capability on demand and subscribe to the best efficiency degree (as much as 2500 CPS) for mission-critical cost purposes with low latency. The buyer can improve, or downgrade HSM efficiency degree primarily based on enterprise wants with out interruption of HSM manufacturing utilization. HSMs might be simply provisioned as a pair of gadgets and configured for top availability.
Azure stays dedicated to serving to clients obtain compliance with the Payment Card Industry’s main compliance certifications. Azure Payment HSM is licensed throughout stringent safety and compliance necessities established by the PCI Security Standards Council (PCI SSC) together with PCI DSS, PCI 3DS, and PCI PIN. Thales payShield 10K HSMs are licensed to FIPS 140-2 Level 3 and PCI HSM v3. Azure Payment HSM clients can considerably cut back their compliance time, efforts, and price by leveraging the shared duty matrix from Azure’s PCI Attestation of Compliance (AOC).
Typical use circumstances
Financial establishments and repair suppliers within the cost ecosystem together with issuers, service suppliers, acquirers, processors, and cost networks will profit from Azure Payment HSM. Azure Payment HSM permits a variety of use circumstances, comparable to cost processing, which permits card and cellular cost authorization and 3D-Secure authentication; cost credential issuing for playing cards, wearables, and linked gadgets; securing keys and authentication information and delicate information safety for point-to-point encryption, safety tokenization, and EMV cost tokenization.
Get began
Azure Payment HSM is accessible at launch within the following areas: East US, West US, South Central US, Central US, North Europe, and West Europe
As Azure Payment HSM is a specialised service, clients ought to ask their Microsoft account supervisor and CSA to ship the request by way of e mail.
Learn extra about Azure Payment HSM
To obtain PCI certification stories and shared duty matrices: