MYHSM
12/11/20

A Cost Effective Alternative to Purchasing the payShield 10K

Do you need to migrate to the latest payShield 10K?

MYHSM, a global provider of Payment HSMs as a service, offers an alternative to purchasing, hosting, and managing payShields in-house by providing access to the latest Thales payShield 10K as a fully managed, PCI PIN and PCI DSS certified Payment HSM Service.

All Thales payShield 9000 customers will be required to migrate to the next generation payShield 10K model by the end of December 2022. This migration is required to maintain the latest security standards in line with PCI DSS and to ensure ongoing support and operational efficiencies. Typically, this happens every 7-8 years and involves a costly and complex process of securely disposing of old payShields and creating a detailed and comprehensive implementation plan, even when upgrading within the same product family.

What are your options if you are currently using the payShield 9000?

Users of the payShield 9000 have essentially two options to consider:

Option 1: Purchase the latest payShield 10K and host the hardware on-premise or at colocated data centres. This will require significant capex and the following additional costs will need to be considered:  

  • Installation costs, including time and effort of IT and Network Operation staff to install new payment HSMs and document the entire process for PCI PIN audits.
  • Cost and time required to follow a rigorous set of procedures to protect sensitive information whilst decommissioning and securely disposing of old devices.
  • Testing costs, which may include a PoC and Pilot.
  • Re-training costs; for example, the interpretation of status indicators and the firmware update procedures are different for the 10K model.
  • The cost and effort associated with reviewing and updating all PCI audit procedures.

Option 2: Outsource the payShield 10K to a Payment HSM service provider like MYHSM. This option provides remote access to the latest payShield 10K as a subscription-based service, converting capex to opex. Unlike any other Payment HSMaaS offering, MYHSM provides a fully managed service delivering further benefits and efficiencies to the user.

What does the MYHSM fully managed service involve?

As part of the MYHSM service, users gain global, remote access, via a secure, mutually authenticated TLS connection, to a minimum of three payShield 10Ks located in two geographically separate data centres, providing resilience and 99.999% availability.

In addition to the payShield 10Ks, MYHSM is responsible for the management and provision of all associated networking hardware and firmware in its data centres. This covers maintaining and replacing all equipment, including the latest firmware installations, configuration updates and capacity management.

A team of dedicated SMEs will monitor the HSM system components, responding to any incidents involving MYHSM equipment. Users will have access to a secure online customer portal to view the status and health of their HSMs, amongst many other features.

MYHSM also manages the HSM operations, including MFK management, and will generate, receive, and form master keys, which can be monitored and tracked via the customer portal.

Essentially, using MYHSM’s fully managed service enables banks and financial institutions to focus resources, efforts, and costs on other key areas of the business, safe in the knowledge that a dedicated team of experts is monitoring and managing their Payment HSM estate and is on hand to provide support when required.

The benefits of a Payment HSM ‘as a service’ model

Financial institutions are embracing and adopting the cloud for core systems and platforms such as banking and payment transactions to enhance competitiveness. An ‘as a service’ model for Payment HSMs allows companies to modernise their IT infrastructure by leveraging a cloud-based architecture which avoids lengthy vendor lock-ins and delivers greater operational efficiencies, whilst maintaining regulatory compliance.

Removing and/or reducing on-premises infrastructure and migrating to the cloud via an ‘as a service’ model means banks and financial institutions are better positioned to respond to evolving market demands, allowing them to deliver more innovative products and offerings quickly and securely. The MYHSM Test service can be set up in as little as 3-4 days, and the agility and scalability of the service allows institutions to effortlessly process increasing payment volumes.

The cloud has become a key digital enabler for the industry and according to a recent survey by McKinsey, more than 60% of banks are planning to move the bulk of their environment to the public cloud in the next five years. Payment HSMs as a Service provides the missing piece of the cloud adoption puzzle.

What’s more, Payment HSM skills are specialised and difficult to maintain, and with a dwindling pool of expertise for cryptography, outsourcing the HSM security to MYHSM’s team of experts can enhance the overall security of the estate.

To conclude…

With migration to the payShield 10K required before the end of 2022 and the deadline imminent, now is the time to consider and test alternative options to the status quo. At MYHSM we have devised a seamless migration process from on-premise to our fully managed, PCI PIN and PCI DSS compliant service. Our team of experts will help you all the way from testing to pilot to full production, and our dynamic monthly subscription fee converts capex to opex without compromising on functionality, availability, or compliance.

To discover more advantages of migrating to the MYHSM Service, review our ‘Top 10 Reasons to Migrate’ document here.

If you have any questions or would like to discuss your HSM requirements, contact us today.