AWS Payment Cryptography Features

AWS Payment Cryptography simplifies integration for payment processing applications by streamlining payment key management and the implementation of cryptographic operations. AWS Payment Cryptography is designed to help you meet your needs as a financial institution or payment service provider.

Dedicated, expensive payment hardware security modules (HSMs) traditionally anchor your payment workloads to on-premises data centers. AWS Payment Cryptography replaces those HSMs with an elastic, pay-as-you-go AWS service and is designed to help you meet major financial services compliance regimes and security rules.

AWS Payment Cryptography streamlines payment key management, including importing and generating keys, automated key management (store, rotate, back up, recover, and shred), and export keys. The service implements and enforces American National Standards Institute (ANSI) TR-31 attributes, such as key usage and modes of use. Tags can be used to track the use of keys shared with business partners.

AWS Payment Cryptography is designed to meet payment card industry (PCI) standards including PIN Security, Point-to-Point Encryption (P2PE), Data Security Standard (DSS), and PCI 3-D Secure (3DS). The service provides AWS CloudTrail logs for key management activities to support customer compliance reporting. Cryptographic key metadata is reviewable through list key and get key APIs to provide information needed for PCI PIN, PCI P2PE, and other compliance programs.

As a managed service, AWS Payment Cryptography can help you meet your security and compliance needs as outlined in the AWS Shared Responsibility Model. Under this model, AWS is responsible for maintaining the infrastructure of the cloud, including the HSM hardware used to provide the service. You can implement appropriate access controls using AWS IAM policies and audit usage using Amazon CloudWatch and AWS CloudTrail.

AWS Payment Cryptography automatically delivers high availability and on-demand scaling of payment cryptographic operations. The AWS Global Infrastructure can help you meet your data residency requirements or regional certification standards.

AWS Payment Cryptography offers cryptography operations required for your payment applications through RESTful APIs. These APIs provide concise methods to perform common use cases and replace complex and vendor-specific socket-based calls typically used for integrating with payment HSMs.