payShield Trusted Management Device
Execute critical key management tasks without any physical connection to a production HSM, providing greater operational flexibility without compromising security.
payShield TMD offers secure, flexible and efficient key management for payment HSMs. It is a compact, intuitive, self-contained secure cryptographic device (SCD) that enables you to perform symmetric key management tasks including securely forming keys from separate components or splitting existing keys retrospectively into new components. payShield TMD generates and shares keys in a manner that is compliant with relevant security standards, including X9 TR-31, ANSI X9.24-1 and PCI PIN Security.
Unlike traditional approaches, these critical key management tasks can be carried out without any physical connection to a production HSM, providing greater operational flexibility without compromising security. For example, a single payShield TMD can form keys for multiple payment HSMs distributed across multiple data centers, enabling large payment processors to create and distribute thousands of Key Encrypting Keys (KEKs) or Zone Master Keys (ZMKs) in a timely and secure manner while eliminating data entry errors.
Each payShield TMD shares one or more Master ZMKs (MZMKs) with the HSMs to facilitate secure exchange of key material. payShield TMD does not require access to the Local Master Keys (LMKs) used by the production HSMs. Keys exchanged between a payShield TMD and an HSM are encrypted under the appropriate MZMK.
Simplify key management
Leverage a unique QR code method for key import and export to streamline the process and eliminate data entry errors common in legacy approaches.
Minimize time required
Perform all sensitive key management tasks in a secure remote location 24×7. No need to book data center slots or have physical access to production HSMs.
Share keys securely
Take advantage of our standards-based management approach for keys and components when sharing keys with HSMs from multiple vendors.
Let’s talk about TMD migration
If changing the core of your payments system is too sensitive to leave to chance, you’re in the right place! Our speciality is helping businesses steer their migrations in the right direction. We’ll set you up with the strategy, tactics and tools you need to satisfy both service delivery and the regulator.
Step 1 – Process Review
The Process Review is a deep dive into the HSM key management framework supporting your business. We will complete a detailed review that will form the basis of our TMD implementation recommendation. Then we’ll feed back exactly what we have found.
You’ll walk away from the review with clarity, confidence and direction. You’ll know what the effort of TMD implementation is for your business, where you should be to successfully complete the implementation, and what steps you should take to move the implementation forward.
Step 2 – Upgrade Playbook
Now that you know where you want to go, you need a plan to get there.
Most organisations went from green screen terminal key management to dedicated management laptops during the last decade, but the procedure remained largely the same, so a plan is necessary to continue to meet the objectives of demonstrable and repeatable processes.
We believe the best plan is the one that meets its security objectives and considers the right convenience factors for your business. That’s why we’ve distilled the migration process down to key steps that will take you from “zero” to a full Upgrade Playbook as fast as possible.
You’ll come out of this process with an upgrade strategy that’s tailor-made for your firm, a set of hand-picked tactics that you can execute immediately, and a clear action plan that lays out exactly what you need to do next.
Step 3 – Upgrade Support
With your TMD Procedures in place, you’ll be ready to roll up your sleeves and get to work. As you get started, it helps to have an expert look over your shoulder, steer you in the right direction, and prevent you from making some common mistakes that could leave you with technical difficulties or, worse still, compliance issues.
With Migration Support, we’ll coach your Business As Usual team through the execution of your daily procedures and engage the Senior Stakeholders as necessary. You’ll receive the guidance, support and accountability you need to follow through on your plan. By the end of it, you’ll have a working upgraded platform with no regulation fires to fight.
UPGRADING or MIGRATING
Our customers like to work with us because we raise their game with:
1. Multi-level engagement at the right time, providing a continuous and informative point of contact with consulting leadership.
2. A complete documentation framework for meeting regulatory obligations, consisting of:
- Performance registers – we capture every operation that is executed on their platform.
- Procedures mandatory for regular operations.
- Live support to direct or coach regular staff members through relevant procedures such as key ceremony, migration and implementation.
- Mandatory attestation collection enabling demonstrable evidence for historic performances.
Let us handle BAU handover and training. We also stay on hand to offer support and guidance for the integration that takes place: APIs, settings, ports, performance, etc.