AWS Payment Cryptography: New Service for Payment Processing Applications
Jun 21, 2023 1 min read
At the recent re:Inforce conference, AWS announced Payment Cryptography, a new service to manage payment cryptography operations. The new elastic option simplifies key management for payment processing applications, helping customers meet PCI security requirements.
Payment Cryptography can replace the payments-specific cryptography and key management functions that are usually provided by on-premises payment hardware security modules (HSMs). Developers can encrypt and decrypt payment-related data and handle sensitive values such as cardholder PINs without exposing the clear text.
With the new managed service, it is possible to manage symmetric and asymmetric keys, including TDES, AES, and RSA keys. Payment Cryptography stores them in HSMs, enforcing key separation between use cases, and supports lists and tags for identification and access control. Danilo Poccia, chief evangelist of EMEA at AWS, explains:
Applications using payments HSMs have challenging requirements because payment processing is complex, time-sensitive, and highly regulated and requires the interaction of multiple financial service providers and payment networks. Every time you make a payment, data is exchanged between two or more financial service providers and must be decrypted, transformed, encrypted, or validated at each step.
According to AWS, the new service helps payment facilitators, processors, and banks minimize dependencies on dedicated HSMs deployed in external data centers or colocation facilities. Poccia adds:
To provide its elastic cryptographic capabilities in a compliant manner, AWS Payment Cryptography uses HSMs with PCI PTS HSM device approval. These capabilities include encryption and decryption of card data, key creation, and PIN translation. AWS Payment Cryptography is also designed in accordance with PCI security standards such as PCI DSS, PCI PIN, and PCI P2PE, and it provides evidence and reporting to help meet your compliance needs.
Payment Cryptography is not the first product offered by AWS for cryptographic operations: Key Management Service (KMS) is a service to manage encryption keys, while AWS CloudHSM provides dedicated single-tenant HSMs and requires customers to actively manage the clusters.
The new service has no upfront commitment and the pricing is based on two components: charges per API call initiated (starting at $2.00 per 10k API calls) and the number of active keys ($1.00 per active key). Jonathan Conway, director at Deep Thinking, tweets:
This had me at ease of automation, but the pricing always makes it really palatable for early-stage Fintechs.
The new service is currently available only in the US East and US West regions.