Breadcrumb

What Are Hardware Security Modules?

Written by

The GoCardless content team comprises a group of subject-matter experts in multiple fields from across GoCardless. The authors and reviewers work in the sales, marketing, legal, and finance departments. All have in-depth knowledge and experience in various aspects of payment scheme technology and the operating rules applicable to each. The team holds expertise in the well-established payment schemes such as UK Direct Debit, the European SEPA scheme, and the US ACH scheme, as well as in schemes operating in Scandinavia, Australia, and New Zealand. See full bio

Last editedOct 20212 min read

As the world of business moves further and further into the digital space, the need for high levels of security and fraud protection becomes crucial. Specifically, the retail banking industry is responsible for vast quantities of customers’ personal details and banking information, and sophisticated measures are necessary to keep this confidential information safe. This is where hardware security modules, also known as payment HSMs, come into play.

Payment HSMs are a form of cryptography, which means writing codes as a form of secure communication of information. Put simply, it is a network computer that performs a number of different operations in order to protect information as it is communicated across channels. Keep reading to find out about HSMs and how they are important to security.

What’s a HSM, exactly?

A hardware security module is a network computer or piece of hardware that carries out several different operations to keep information safe. The HSM, of course, must exist in a trusted environment without any viruses, malware or unauthorised access. The functions that a HSM carries out include:

Verification of user-entered PIN numbers against the reference PIN that is held by the card issuer.
Re-encryption of a PIN block to be sent to other authorisation hosts.
Secure key management.
Generation of card keysets and smart card personalisation processes.
Supporting crypto-API through the use of an EMV.

As previously mentioned, HSMs carry out cryptography to protect information. This is a complex process, but in simple terms it involves using keys that refer to specific pieces of information. The keys must therefore be managed carefully, which is the job of the hardware security module. It is resistant to tampering from external sources, and protects cryptographic keys as they carry out processes of encryption and decryption.

What is HSM in payment?

Essentially, all of the above allow for the provision of flexible and efficient transactions for online payment systems. They allow customers to safely complete transactions using their preferred payment method and protect companies from potential security breaches. Through the generation, storage and protection of cryptographic keys, the payment HSM authorises individuals to submit online payments.

It’s important for businesses to provide some form of payment protection for their customers. Traditionally, this was done through a physical HSM box, but the technology has developed significantly since then and hardware security modules are now usually hosted by cloud-based solutions.

Hardware security modules vs smart cards

Now that you know what is HSM in payment, you may be considering whether it’s the best option for you when protecting your customers’ payment information. While HSMs are a great way to keep sensitive information safe, there are also alternatives that you can consider.

One such alternative is smart cards. These are small, physical security devices that are around the size of a credit card, and they can be used to validate electronic payments. They must be connected to a smart card reader to allow for encryption of information, and therefore cannot be automated. Individuals within your organisation should all be assigned a smart card for manual approvement of payments.

Smart cards are a great way to track employee payment fraud as each one is assigned to a specific person within your organisation who has permission to authorise submissions. In general, they offer a higher level of security as the audit trail is much easier to track. On the other hand, they are much slower and involve a lot more work than hardware security modules, which can be automated to allow for immediate payments.

Overall, HSMs are much better suited to online retail environments and smaller transactions. However, for large transactions or where the possibility of fraud is higher, a smart card could be a better alternative.

We can help

GoCardless helps you automate payment collection, cutting down on the amount of admin your team needs to deal with when chasing invoices. Find out how GoCardless can help you with ad hoc payments or recurring payments.