www.thalesesecurity.com THALES HSMs SECURE MOBILE POINT OF SALE (MPOS) SOLUTIONS FROM SWIFTCH How an innovative start-up leveraged Thales payment security expertise to bring mobile card acceptance to the Middle East region for the first time THE CHALLENGE: INCREASING CARD ACCEPTANCE IN COUNTRIES WHERE CASH IS KING The United Arab Emirates (UAE) is a highly developed market in terms of IT infrastructure as well as internet and smartphone penetration and yet, surprisingly, has a relatively low penetration level of card payments. The card acceptance network only caters to established businesses and there is a huge potential to penetrate the previously untapped SME market as well as the home delivery sector. With Dubai hosting Expo 2020 (the next World Fair), the UAE government is driving an initiative towards a cashless society with the adoption of innovative and more flexible card-based payment methods. The scheme is endorsed by the major card brands active in the region, namely American Express, MasterCard and Visa, and is planned to cover all types of contact and contactless cards. Swiftch, a nimble start-up company, saw an opportunity to be a part of this cashless society by providing innovative, simple and secure card-based acceptance solutions to all levels of merchants and acquirers. The biggest challenge was to choose an industry leading partner who would be able to assist in delivering a flexible, secure and scalable hardware infrastructure, compliant with the stringent Payment Card Industry Data Security Standard (PCI DSS) security requirements. WHY THALES Swiftch evaluated payment HSMs offered by other vendors before choosing the Thales payShield 9000. That choice was based on the following: Security pedigree – Thales already has a major HSM presence in the Middle East region, providing peace of mind to Swiftch and simplifying the security interfaces from the mPOS gateway to the various acquiring banks in the region. Proven integration – through its mPOS market experience, Thales already had proven integration with the Miura card reader that Swiftch had selected, reducing development risk and most critically reducing time to market. Optimized software package – Swiftch was able to utilize the standard mPOS package that Thales is regularly updating as part of its technology partner program, avoiding the need to build custom functionality and providing high levels of future-proofing as new security standards and algorithms are required. Test HSM availability – Thales made available a test HSM (hosted by Thales) to Swiftch to enable development to start quickly, avoiding the need for production HSMs to be purchased until the system was ready for final testing. Support – timely support from Thales technical support staff enabled Swiftch’s development team to get up to speed quickly with how to integrate their mobile app with the HSM, ensuring no slippages due to the team being new to HSMs. Product certification – the payShield HSM already has PCI HSM certification which simplifies the regional security and audit requirements that the Swiftch solution needs to satisfy. www.swiftch.com
Transcript
w w w . t h a l e s e s e c u r i t y . c o m
THALES HSMs SECURE MOBILE POINT OF SALE (MPOS) SOLUTIONS FROM SWIFTCH
How an innovative start-up leveraged Thales payment security expertise to bring mobile card acceptance to the Middle East region for the first time
THE CHALLENGE: INCREASING CARD ACCEPTANCE IN COUNTRIES WHERE CASH IS KINGThe United Arab Emirates (UAE) is a highly developed market in terms of IT infrastructure as well as internet and smartphone penetration and yet, surprisingly, has a relatively low penetration level of card payments. The card acceptance network only caters to established businesses and there is a huge potential to penetrate the previously untapped SME market as well as the home delivery sector. With Dubai hosting Expo 2020 (the next World Fair), the UAE government is driving an initiative towards a cashless society with the adoption of innovative and more flexible card-based payment methods. The scheme is endorsed by the major card brands active in the region, namely American Express, MasterCard and Visa, and is planned to cover all types of contact and contactless cards.
Swiftch, a nimble start-up company, saw an opportunity to be a part of this cashless society by providing innovative, simple and secure card-based acceptance solutions to all levels of merchants and acquirers. The biggest challenge was to choose an industry leading partner who would be able to assist in delivering a flexible, secure and scalable hardware infrastructure, compliant with the stringent Payment Card Industry Data Security Standard (PCI DSS) security requirements.
WHY THALESSwiftch evaluated payment HSMs offered by other vendors before choosing the Thales payShield 9000. That choice was based on the following:
Security pedigree – Thales already has a major HSM presence in the Middle East region, providing peace of mind to Swiftch and simplifying the security interfaces from the mPOS gateway to the various acquiring banks in the region. Proven integration – through its mPOS market experience, Thales already had proven integration with the Miura card reader that Swiftch had selected, reducing development risk and most critically reducing time to market. Optimized software package – Swiftch was able to utilize the standard mPOS package that Thales is regularly updating as part of its technology partner program, avoiding the need to build custom functionality and providing high levels of future-proofing as new security standards and algorithms are required. Test HSM availability – Thales made available a test HSM (hosted by Thales) to Swiftch to enable development to start quickly, avoiding the need for production HSMs to be purchased until the system was ready for final testing. Support – timely support from Thales technical support staff enabled Swiftch’s development team to get up to speed quickly with how to integrate their mobile app with the HSM, ensuring no slippages due to the team being new to HSMs. Product certification – the payShield HSM already has PCI HSM certification which simplifies the regional security and audit requirements that the Swiftch solution needs to satisfy.
Americas – Thales e-Security Inc. 900 South Pine Island Road, Suite 710, Plantation, FL 33324 USA • Tel:+1 888 744 4976 or +1 954 888 6200 • Fax:+1 954 888 6211 • E-mail: [email protected] Pacific – Thales Transport & Security (HK) Lt, Unit 4101-3, 41/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong • Tel:+852 2815 8633 • Fax:+852 2815 8141 • E-mail: [email protected], Middle East, Africa – Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ • Tel:+44 (0)1844 201800 • Fax:+44 (0)1844 208550 • E-mail: [email protected]
Follow us on:
THE SOLUTION: A SECURE AND FLEXIBLE MOBILE PAYMENT GATEWAY SOLUTION SECURED BY THALES HSMsSwiftch knew that mobile connectivity would play a major role in their offering – traditional fixed point-of-sale (POS) terminals would not be suitable to address the large market opportunity to take card payments on the move, especially in places like restaurants, street markets or when making home deliveries. This led to the choice of mobile card readers linked to standard smartphones or tablets running an application that Swiftch designed and now maintains. Merchants of all sizes, especially small merchants (accepting card payments for the first time and who are difficult for large bank acquirers to reach) could now be approached directly by the Swiftch sales team in the field, facilitating secure, low cost and efficient on boarding. Thales HSMs enabled Swiftch to fast track their payment gateway solution, leveraging existing proven HSM hardware that supports the end-to-end encryption of payment data and enables a secure payment processing interface to the various bank switches through which Swiftch routes their transactions.
ADITYA ANAND, CHIEF EXECUTIVE OFFICER AT SWIFTCH SAYS:“Taking card payments on the move, especially in places like street markets, restaurants or when making home deliveries has always been a challenge. Our mPOS solution enables affordable on-the-go payments for merchants of any size or where home delivery drivers require payment on delivery. Hardware solutions are pivotal in making security viable in mobile environments and Thales was an obvious for choice for us, offering a best in class solution with wider support and recognition in the payments market than any other provider.”
ABOUT THE SOLUTIONThales payShield 9000: proven, scalable payment system securityDesigned specifically for payments applications, payShield 9000 performs tasks such as PIN protection and validation, transaction processing, payment card issuance, and key management. Used in an estimated 80% of all payment card transactions, payShield 9000 is the most widely deployed payment HSM in the world. The HSM design benefits from more than 25 years of Thales experience with payment system security, giving organizations confidence in a state-of-the-art solution that delivers an ideal combination of security and operational ease.
The cryptographic functionality and management features of payShield 9000 meet or exceed the card application and security audit requirements of the major international card schemes, including American Express, Discover, JCB, MasterCard, Union Pay and Visa. payShield 9000 is certified to FIPS 140-2 level 3 and is also available in configurations certified to the PCI HSM specification as published by the PCI Security Standards Council.
