We’re very excited to announce the final availability of Azure Fee HSM, a BareMetal Infrastructure as a service (IaaS) that permits clients to have native entry to fee HSM within the Azure cloud. With Azure Fee HSM, clients can seamlessly migrate PCI workloads to Azure and meet probably the most stringent safety, audit compliance, low latency, and high-performance necessities wanted by the Fee Card Business (PCI).
Azure Fee HSM service empowers service suppliers and monetary establishments to speed up their fee system’s digital transformation technique and undertake the general public cloud.
![]() |
“Fee HSM help within the public cloud is without doubt one of the most vital hurdles to beat in shifting fee techniques to the general public cloud. Whereas there are various completely different options, none can meet the stringent necessities required for a fee system. Microsoft, working with Thales, stepped as much as present a fee HSM resolution that might meet the modernization ambitions of ACI Worldwide’s expertise platform. It has been a pleasure working with each groups to carry this resolution to actuality.”
—Timothy White, Chief Architect, Retail Funds and Cloud
|
Service overview
Azure Fee HSM resolution is delivered utilizing Thales payShield 10Ok Fee HSM, which affords single-tenant HSMs and full distant administration capabilities. The service is designed to allow whole buyer management with strict function and information separation between Microsoft and the shopper. HSMs are provisioned and linked on to the shopper’s digital community, and the HSMs are below the shopper’s sole administration management. As soon as allotted, Microsoft’s administrative entry is restricted to “Operator” mode and full accountability for configuration and upkeep of the HSM and software program falls upon the shopper. When the HSM is not required and the machine is returned to Microsoft, buyer information is erased to make sure privateness and safety. The answer comes with Thales payShield premium package deal license and enhanced help Plan, with a direct relationship between the shopper and Thales.
Determine 1: After HSM is provisioned, HSM machine is linked on to a buyer’s digital community with full distant HSM administration capabilities by Thales payShield Supervisor and TMD.
The shopper can rapidly add extra HSM capability on demand and subscribe to the best efficiency stage (as much as 2500 CPS) for mission-critical fee purposes with low latency. The shopper can improve, or downgrade HSM efficiency stage primarily based on enterprise wants with out interruption of HSM manufacturing utilization. HSMs might be simply provisioned as a pair of units and configured for prime availability.
Azure stays dedicated to serving to clients obtain compliance with the Fee Card Business’s main compliance certifications. Azure Fee HSM is licensed throughout stringent safety and compliance necessities established by the PCI Safety Requirements Council (PCI SSC) together with PCI DSS, PCI 3DS, and PCI PIN. Thales payShield 10Ok HSMs are licensed to FIPS 140-2 Degree three and PCI HSM v3. Azure Fee HSM clients can considerably cut back their compliance time, efforts, and value by leveraging the shared accountability matrix from Azure’s PCI Attestation of Compliance (AOC).
Typical use circumstances
Monetary establishments and repair suppliers within the fee ecosystem together with issuers, service suppliers, acquirers, processors, and fee networks will profit from Azure Fee HSM. Azure Fee HSM permits a variety of use circumstances, comparable to fee processing, which permits card and cell fee authorization and 3D-Safe authentication; fee credential issuing for playing cards, wearables, and linked units; securing keys and authentication information and delicate information safety for point-to-point encryption, safety tokenization, and EMV fee tokenization.
Get began
Azure Fee HSM is on the market at launch within the following areas: East US, West US, South Central US, Central US, North Europe, and West Europe
As Azure Fee HSM is a specialised service, clients ought to ask their Microsoft account supervisor and CSA to ship the request through e mail.
Study extra about Azure Fee HSM
To obtain PCI certification experiences and shared accountability matrices: