Payment processing. Encryption. Cloud migration. Hardware security modules. Point-to-Point Encryption. Cryptography. It’s not just vocabularies that have expanded in the fintech sector. An evolution is underway, with financial services providers expanding their consumer offerings, advancing their technological capabilities, and reinforcing their cryptographic infrastructures in order to innovate in the payments space.
There is no question that payment processing and cryptography go hand in hand. Payment hardware security modules (HSMs) are the security backbone for financial institutions’ payment systems encryption and key management. They provide the critical cryptographic infrastructure the industry requires to enable secure, scalable commerce around the world. It is critical — and mandated by law — that encrypted personally identifiable information (PII) and transaction data be stored in a highly secure environment, such as an HSM, to prevent unauthorized access.
Payment Processing in the Cloud Gets Real
As financial services providers explore new ways to innovate their offerings to consumers, integrate with more payment applications, and streamline their crypto key management processes, they are turning to next-generation cryptography and the cloud. This is driven in part by the migration of payment HSMs to the cloud, offering the scalability and cost benefits of the cloud for payments along with the ability to streamline processes, such as key management.
Everyday financial needs — transaction acquiring, card and mobile issuing, point-to-point encryption — can now be conducted in the cloud while meeting security and payment compliance requirements such as FIPS 140-2 validation, PCI DSS, PCI P2PE, and PCI PIN.
Applications Fueling Cloud Migration
Neobanks and new cloud-based applications are fueling cloud adoption. We are seeing application providers working rapidly to natively integrate support for cloud-based HSMs. We’re talking about payment applications that can do point-to-point encryption, transaction acquiring, card and mobile issuance, magnetic stripe or mobile payment provisioning, etc. All of these require HSMs, which are being offered as a service or in the cloud. Traditionally, integrating payment HSMs with cloud and other business applications has been a cumbersome and slow process. The emergence of cloud APIs, such as the Futurex web API, simplifies integration efforts.
Industry Overcoming Challenges
Until recently, financial services organizations experienced some hurdles when it came to migrating to the cloud — especially regarding regulatory compliance and infrastructural complexity.
Managing an organization’s security infrastructure is challenging. Key management is complex. There are risks involved with misconfiguration or misunderstandings of cryptographic principles. There’s always the lingering fear, “Did we do this correctly?” Here are six issues we’re seeing:
- Complicated infrastructure. Organizations have moved their payment applications to the cloud, but are challenged with migrating their legacy cryptography infrastructure to the cloud
- Regulatory issues. In some cases, the HSM portion of organizations’ cryptographic infrastructure needed to remain on-premises, largely due to PCI PIN and PCI P2PE security requirements
- Influx of applications. More applications integrating with cloud HSMs adds to the sophistication and complexity of cloud deployments
- Testing the waters. Organizations are exploring different key management options that include on-premises, cloud, and hybrid
- Cloud maturity. Bring Your Own Key (BYOK) and multi-cloud have emerged as important cryptographic strategies
- Crypto-agility. Organizations are looking to future-proof their infrastructures
Organizations are looking to utilize cloud services while controlling their own cryptographic keys, an approach also referred to as BYOK. Prior to this, lack of control over keys was a notable barrier to cloud migration. Organizations also want to rely on a multi-cloud approach for computing workloads. When it comes to key management, some of the public cloud providers’ key management services aren’t compatible. Using a cloud-agnostic key management service, such as Futurex’s next-generation cloud payment HSMs, makes it easier to deploy a multi-cloud solution from a key management perspective.
Financial Cryptography: Innovations All Around
When it comes to the intersection of financial services and cryptography, we are seeing innovations all around. The cryptographic cloud infrastructure is growing stronger. We are seeing new standards released at a rapid pace, such as PCI Contactless Payments on COTS (CPoC). New payment terminals and contactless payments are emerging. And there has been an influx of cloud-based payment applications.
For organizations looking for a seamless experience when migrating their on-premises encryption and data security operations, now is the time to move forward.