Introducing the payShield 10K
Payment HSM payShield 10K
payShield 10K, the fifth generation of payment HSMs from Thales, delivers a suite of payment security functionality proven in critical environments including transaction processing, sensitive data protection, payment credential issuing, mobile card acceptance and payment tokenization. Like its predecessors over the past 30+ years, payShield 10K can be used throughout the global payment ecosystem by issuers, service providers, acquirers, processors and payment networks.
Thales payShield 10K Product Picture
You can confidently secure digital payments. Watch the Thales payShield 10K Product Picture.
Playing a fundamental security role for both face-to-face and digital remote payments, it delivers the necessary trust that underpins the communications between payments participants. Thales payShield 10K addresses the latest mandated security requirements and best practices for a wide range of organizations including EMVCo, PCI SSC, GlobalPlatform, Multos, ANSI and the various global and regional payment brands and networks.
Our payment HSMs are capable of being securely configured, managed and monitored remotely from locations of convenience to reduce your costs and simplify your ongoing operations.
Equipped with dual hot-swappable power supplies and fans, our latest HSMs significantly increase the mean time between failure (MTBF) and simplify field maintenance.
Leverage proven integrations
Thales payment HSMs are the most widely deployed in the world and are supported by the largest number of payment application providers.
Card/Mobile Payments Support
payShield 10K has a comprehensive range of functions that supports the needs of the leading payment brands (American Express, Discover, JCB, Mastercard, UnionPay and Visa) including:
PIN and card verification functions for all major payment brands
EMV transaction authorization and messaging
Mobile payment transaction authorization and key management
Remote Key Loading for ATM and POS devices
Regional/National key management (including Australia, Belgium, Germany and Italy)
Mastercard On-behalf key management (OBKM) support
Magnetic stripe and EMV-based data preparation and personalization including mobile provisioning
PIN generation and printing
DES and Triple-DES key lengths 112 & 168 bit
AES key lengths 128 bit, 192 bit & 256 bit
RSA (up to 4096 bits)
ECC as defined in FIPS 186-3 (P-256, P-384 & P-521)
HMAC, MD5, SHA-1, SHA-2, SHA-224, SHA-256, SHA-384 & SHA-512
Financial Services Standards
ISO: 9564, 10118, 11568, 13491, 16609
ANSI: X3.92, X9.8, X9.9, X9.17, X9.19, X9.24, X9.31, X9.52, X9.97
ASC X9 TR-31, X9 TG-3/TR-39
APACS 40 & 70
TCP/IP & UDP (1Gbps or 10Gbps) – dual ports
Secure Host Communications Management option for TLS authenticated sessions on Ethernet host port
FIPS 140-2 Level 3 (security sub-system)
PCI HSM v3 (selected software versions) including RAP
PCI HSM v3 KLD (for payShield TMD)
Base software packages
Base software packages with a range of performance levels are available to align closely with customer deployment and usage requirements.
Optional software licenses
Optional licenses are available to extend payShield functionality and can be acquired and installed at any time throughout the product lifecycle.
Package and license upgrades
As your transaction volumes grow or you need to support new application use cases, performance is boosted via software licenses and additional HSMs with different software packages can be added to the estate and managed as easily as the installed base.
payShield 10K HSMs can be managed in local or remote mode using the payShield Manager browser-based application. The remote mode of payShield Manager is specifically designed to eliminate the need to travel to data centers for HSM management requires the purchase of an additional license.
A comprehensive monitoring platform for both payShield 9000 and payShield 10K HSMs that enables operations teams to gain 24x7 visibility into the status of all their payShield HSMs, including those residing across distributed data centers.
payShield Trusted Management Device
The payShield Trusted Management Device (TMD) complements the payShield Manager remote management solution for Thales payment HSMs by offering an efficient, flexible and secure approach to managing and sharing critical keys in locations remote from production HSMs.
Secure smart cards to hold local master key (LMK) components for master key management and authentication credentials associated with remote HSM management options are available in packs of 6, 30 or 100 to suit a wide range of customer deployment requirements.
Additional PSUs and fans
Each payShield 10K devices is fitted with dual hot-swappable power supply units (PSUs) and fans as standard. To provide coverage in the unlikely event of a hardware failure you can purchase spare PSUs and fans in advance to avoid any scheduled downtime.
Replacement locks and keys
payShield 10K uses two highly secure locks with associated keys on the front panel as part of the security administration procedures. The items are tightly controlled and registered and are not available on the open market. In the event that the device locks are damaged or keys are lost, a secure service to provide replacement locks and key is available from Thales.