Skip to main content
purple hex pattern
woman sliding card into Verifone card reader

The Challenge: Maximize security for credit card transactions without slowing performance

verifone logo

As a leader in trusted and secure payment solutions, Verifone understood that retailers needed a better way to secure credit card transactions and reduce the risk of compromise of their customers’ data. Major, well-publicized data breaches have continued to cost retailers millions of dollars each year in damage to reputation and depressed sales. But any solution that provides increased protection for cardholder data needs to do so while maintaining the highest levels of performance – up to millions of transactions per day – for users like processors and retailers.

The Solution: End-to-end encryption powered by Entrust nShield HSMs

Verifone looked to Entrust nShield® hardware security modules (HSMs) to provide high assurance encryption and key management functionality as a critical component of its VeriShield Total Protect solution. VeriShield encrypts cardholder data from the precise moment of acceptance on through to the point of processing, where transactions are decrypted and sent to the payment networks. Entrust nShield HSMs are used to perform secure key exchanges and secure key derivations that produce a unique key to protect each and every payment transaction.

Taking advantage of capabilities unique to the Entrust nShield Security World architecture, Verifone built redundancy so that multiple servers and multiple HSMs, deployed at multiple data centers, can combine seamlessly to service very high transaction volumes with automated load balancing and failover. Additionally, Entrust provides Verifone the ability to offer their customers the option to host their HSMs either on site (the typical choice) or as part of a managed service hosted by Verifone. 

With this solution, Verifone provides a unique combination of strong security and risk mitigation against malicious capture of cardholder data, while at the same time ensuring performance and availability for transactions – a win-win for retailers. Additionally, by deploying end-to-end encryption (sometimes referred to as point-to-point encryption or P2PE), intermediate systems that sit between the POS (point of acceptance) and the point of decryption at the processor are removed from the scope of most PCI DSS compliance requirements, since the data passing through them is encrypted. The Verifone solution is specifically designed to enable retailers to provide security that goes well beyond the requirements of PCI DSS.

About the solution

Entrust nShield HSMs

Entrust nShield HSMs provide a hardened, tamper-resistant environment for performing secure cryptographic processing, key protection, and key management. With these devices you can deploy high assurance security solutions that satisfy widely established and emerging standards of due care for cryptographic systems and practices – while also maintaining high levels of operational efficiency.

Entrust nShield Connect HSMs isolate and secure cryptographic operations and associated keys for an organization’s most critical applications. Entrust nShield Connect HSMs perform encryption, digital signing and key management on behalf of an extensive range of commercial and custom-built applications including public key infrastructures (PKIs), identity management systems, application-level encryption and tokenization, SSL/TLS and code signing. A high assurance alternative to software-based cryptography libraries, Entrust nShield Connect HSMs feature certified implementations of all leading algorithms, as well as the world’s fastest ECC performance.

With Entrust nShield HSMs you can:

  • Deliver certified protection for cryptographic keys and operations within tamper-resistant hardware to significantly enhance security for critical applications.
  • Achieve cost-effective cryptographic acceleration and unmatched operational flexibility in traditional data center and cloud environments.
  • Overcome the security vulnerabilities and performance challenges of software-only cryptography.
  • Reduce the cost of regulatory compliance and day-to-day key management tasks including backup and remote management. With Entrust nShield HSMs, you buy only the capacity you need and can scale your solution easily as your requirements evolve.
hard holding card to scan on Verifone card scanner

Why Entrust?

Verifone evaluated six different HSM models offered by three different vendors before choosing the Entrust nShield Connect HSM. That choice was based on the following:

icon of two hands shaking

Interoperability and integration

Entrust offered multiple interfaces (standard PKCS #11 as well as a lowerlevel interface) which allowed Verifone developers the flexibility to integrate the HSM to maximum advantage in the VeriShield architecture.

thumbs up icon

Ease of use

Verifone found Entrust nShield HSMs to be easy to use, and significantly more flexible than other HSMs in architecting the system to maximize performance and to minimize key persistence

rocket icon

Performance

The throughput of Entrust nShield HSMs was significantly higher than competing products, and enabled Verifone to assure retailers that the VeriShield solution would not degrade performance.

support icon

Support

Verifone valued the close working relationships with the Entrust team and the help that Entrust specialists were able to provide to developers as they worked to incorporate the nShield HSMs.

globe check icon

Entrust nShield Security World

Entrust nShield Security World architecture enabled the Verifone team to set up a system that provides appropriate load balancing, high availability and reliability. With it, VeriShield-protected transactions are capable of being serviced synchronously across multiple sites and multiple HSMs.

Key Benefits

faded gray hex background
faded gray hex background
faded gray hex background
faded gray hex background
faded gray hex background
Contact Us

Fill out the form to have one of our experts contact you to discuss how nShield HSMs can enable your digital security use cases.

Image CAPTCHA
Enter the characters shown in the image.

Download Verifone Point-of-Sale Protection HSM Case Study