Close this search box.

PayShield 10K: Why migrate?


As companies become increasingly digital, the risk of data breaches and cyber attacks increases. One of the most important steps in protecting yourself is to choose the right payment security solution. That’s where payShield 10K does its part.

payShield 9000 is one of the most popular payment security solutions on the market. However, with the release of payShield 10K, businesses now have a new option to choose from.

But why should companies migrate from payShield 9000 to the new payShield 10K? Continue reading the article until the end and learn about the differences and advantages of migrating.

Meet the new payShield 10K

Thales’ fifth generation payment HSM, payShield 10K provides proven security features in critical environments, including transaction processing, protection of sensitive data, payment credential issuance, mobile card acceptance, and tokenization.

Similar to its predecessor payShield 9000, the new version can be used across the global ecosystem by issuers, service providers, acquirers, processors, and payment networks.

payShield 10K offers several benefits that complement the previous versions, showing Thales’ commitment to the continuous improvement of its products.

In practice, the new version:

  • Simplifies deployment in data centers;
  • It offers high resiliency and availability;
  • It provides the broadest card and mobile application support in a timely manner;
  • Supports performance upgrades without hardware change;
  • Maintains compatibility with all legacy Thales payment HSMs.

Top 10 Reasons to Switch to PayShield 10K

1. Thinner format

The new version of payShield 10K reduces the unit height to 1U, which means that you can stack twice as many units in the rack as with payShield 9000, reducing the cost of investment.

The unit is now longer for easier access to the connectors on the back panel and comes with slide rails to help simplify and speed up the installation process.

The front panel design retains the familiar left and right key mechanisms so you can securely lock the HSM in the rack.

2. Lower energy consumption

Every watt of power that a device requires increases your data center’s power and cooling costs.

The new payShield 10K design, leverages the latest energy efficient components and power management techniques to reduce overall power consumption, even while operating at twice the cryptographic performance, by 40%.

This will undoubtedly help reduce your data center’s electricity bill and contribute to your company achieving its “green goals”.

3. Increased resilience and availability

If your company is forced to take an HSM offline for routine configuration tasks or to replace a faulty power supply, it negatively affects the availability of your financial services infrastructure.

Thales in its continuous improvement process, enhances the physical design with payShield 10K, providing two power supplies and hot swappable fans as standard, improving MTBF, providing a very high expected uptime.

As part of the mission to help keep your payShield 10K running 24/7, the new version of the appliance performs additional background monitoring of HSM system processes and application code.

If problems are detected, they will be fixed automatically without any intervention from the IT team.

4. payShield 10K with faster firmware updates

Loading firmware usually means taking the HSM offline for several minutes. With payShield 10K, the firmware upgrade workflow process has been reduced while maintaining all the necessary security checks for authenticity and code integrity.

The reliability and ease-of-use aspects have also been improved, so that if power or connectivity interruptions occur, the charging process will automatically recover to minimize the possibility of the HSM becoming idle.


5. Clearer visual indicators

The payShield 10K has a simple and neat front panel design that displays a red warning triangle when a tampering event occurs.

When all is well, the left handle on the front panel is illuminated white, but if regular background integrity checks discover a problem, the handle will turn red.

To help identify which HSM in a rack may need emergency or scheduled intervention, operations staff can now quickly direct local staff to the HSM that needs support by illuminating the front and rear maintenance lights using payShield Manager.

In addition, the front light illuminates the unit’s serial number, making it easy to read if necessary. These are just some of the time-saving features introduced in payShield 10K, some inspired by customer feedback.

6. Clear confirmation of key removal

In the routine of IT infrastructure administrators, it is sometimes necessary to move an HSM from a production environment to another, less secure location.

Under various security audit constraints, critical keys, such as active LMKs, must not be present when the unit is at the new location.

The payShield 10K contains a dedicated key removal confirmation light on the back panel to ensure that no keys or sensitive data reside on the drive and that it is safe to deactivate.

This improved approach to erasing the key provides confirmation even after the unit is turned off.

7. Even stronger tamper protection

payShield 10K has multiple levels of tamper detection that, when activated, erase keys and confidential data in the event of an attack.

A fully locked cover is also used to increase the complexity for any attacker.

Attempts to access the inside of the internal safety module cause the device to be permanently disabled.

8. Broader cryptographic support

To support new payment methods, the new version of the hardware is able to leverage very fast hardware-based ECC processing in addition to the legacy 3DES, AES, and RSA algorithms.

Many of the emerging payment credential issuance use cases use ECC instead of RSA, especially when the payment instrument is a mobile, IoT or connected device.

payShield 10K is ready for enhancement to support a much wider range of cryptographic algorithms and mechanisms as they become formalized as part of the growing range of payment security specifications.

9. Even Higher Performance

Card payments and online digital payments are growing year by year, requiring you to constantly monitor and upgrade your processing bandwidth.

The new version of payShield offers significantly higher RSA and 3DES performance than its predecessors, which can reduce the number of devices in the previous version and lower your costs.

This faster cryptographic engine also provides more consistent and predictable performance across all host commands, even in heavy load situations and when TLS-based secure communications are in use.

10. payShield 10K features superior architecture

As the payments world increasingly looks for new deployment models involving a mix of private and public clouds, payShield 10K is specifically designed to offer secure remote management and monitoring, providing a true ‘contactless’ experience.

This provides support for various types of payment service offerings and more capabilities to perform functions securely across a wide range of operating environments.

With its enhanced features, payShield 10K is well suited to handle the ever-changing landscape of payment security.

payShield 10K ensures payment security

With payShield 10K you are assured that your company meets the highest security standards in the financial industry.

The fifth generation of payment HSMs from Thales, Eval’s partner company, offers a suite of proven security features in critical environments, in addition to transaction processing, protection of sensitive data, payment credential issuance, mobile card acceptance, and tokenization.

The payShield 10K solution can be used throughout the global payments ecosystem by issuers, service providers, acquirers, processors, and payment networks, offering a number of benefits.

Eval Professional Services has a team of specialized professionals with the best practices in the market

Benefit from our years of experience and expertise in information security and compliance with the General Data Protection Act (LGPD). We will be your partner for realizing digitization projects in compliance with security and data protection regulations.

We share our expertise across all business flows in healthcare organizations to help you minimize risk, maximize performance, and ensure the data protection your patients and partners expect.

About Eval

With a track record of leadership and innovation dating back to 2004, Eval not only keeps up with technological trends, but we are also in an incessant quest to bring news by offering solutions and services that make a difference to people’s lives.

With market recognized value, Eval’s solutions and services meet the highest regulatory standards for public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.


Sobre o(s) autor(es):


Outras postagens