w w w . t h a l e s e s e c u r i t y . c o m

THALES HSMs SECURE MOBILE POINT-OF-SALE SOLUTIONS FROM MINT PAYMENTS

How an innovative leader in mPOS solutions ensures that cardholder data and PINs are protected at all times

THE CHALLENGE: CARD ACCEPTANCE NEEDS TO BE SIMPLE, SECURE AND AVAILABLE ANYWHEREWith the decline of cash payments, merchants of all sizes are increasingly looking for a flexible, cost effective and secure payments solution to accept EFTPOS (electronic funds transfer at point of sale) and credit card transactions on the go. It is no longer just the established bank acquirers and third party processors that want to offer card-based payment solutions to merchants, with telcos and other service providers looking to integrate card payments into their solutions or expand their current offerings. Together with the increasing desire for integrators to develop payment functions into their mobile apps, a solution supporting secure card acceptance without the traditional merchant POS device installation, configuration and security audit complexity is urgently needed.

THE SOLUTION: FLEXIBILITY AND SECURITY POWERED BY THALES HSMsIn order to address these issues, Mint Payments chose Thales hardware security modules (HSMs) to provide high assurance encryption and key management functionality as an integral part of their PCI DSS compliant data center.

Mint’s mobile card acceptance solution uses a small portable card reader that connects via Bluetooth to a merchant-owned smartphone or tablet. The device is magnetic stripe, EMV Chip and contactless enabled, allowing the merchant to accept “customer present” payments securely. Tight control of the remotely initiated key injection process for card reader activation, encryption of the payment data at the point of capture and the use of hardware security modules (HSMs) at the payment platform level, enables mPOS solution providers like Mint to attain PCI DSS compliance and delivers a clear win for all participants in the value chain.

Thales payShield 9000 hardware security modules (HSMs) are used in the Mint infrastructure for a variety of purposes, including:

Generating keys for the card readersDecrypting card data PIN block translation at the payment platform prior to sending the transaction into the acquirer network for authorization

HOW MINT AND THALES DELIVER THE WIN-WIN FOR CORPORATES AND MERCHANTSThe Mint solution for mPOS using Thales HSMs is comprised of three main product offerings:

Minterprise: a branded mobile payments platform for enterprises and banks, customizable to their needs Mintegrate: a program supporting a set of SDKs and APIs that allow developers to seamlessly integrate payments into third-party software while leveraging Mint’s PCI capabilities Mint mPOS: a solution comprising a mobile app and card reader combination that allows merchants of all sizes to accept contactless, chip and PIN-based card payments securely, anytime and anywhere

WHY THALESMint Payments evaluated payment HSMs offered by other vendors before choosing the Thales payShield 9000. That choice was based on the following:

Proven mPOS experience – through its technology partnerships, Thales already had proven integration with the card readers that Mint selected to take to market, reducing development risk and delivery timeframes. Richness of standard features – the core Thales payShield software contained all the functions and flexibility that Mint needed, avoiding the need to build custom functionality. Upgrade capability – Mint quickly discovered that they could start with a small base of lower capacity HSMs and swiftly add additional capacity through performance upgrades, avoiding any impact to their payment platform. Support – Thales offered timely support to Mint’s developers through its local offices, helping to provide extra assurance that expert technical assistance was always on hand when needed. Management – payShield HSMs can be managed remotely, providing operational cost savings and convenience. Product certifications – the payShield HSM already has the PCI HSM and APCA certifications which simplify the various global and regional security and audit requirements that the Mint solution needs to satisfy.

Americas – Thales e-Security Inc. 900 South Pine Island Road, Suite 710, Plantation, FL 33324 USA • Tel:+1 888 744 4976 or +1 954 888 6200 • Fax:+1 954 888 6211 • E-mail: sales@thalesesec.comAsia Pacific – Thales Transport & Security (HK) Lt, Unit 4101-3, 41/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong • Tel:+852 2815 8633 • Fax:+852 2815 8141 • E-mail: asia.sales@thalesesecurity.comEurope, Middle East, Africa – Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ • Tel:+44 (0)1844 201800 • Fax:+44 (0)1844 208550 • E-mail: emea.sales@thalesesecurity.com

Follow us on:

Mint offers a complete and modular solution for mobile card acceptance, enabling many players in the value chain to leverage its proven bank grade payments infrastructure rather than having to invest in their own. All components of the solution meet relevant PCI, EMV and card scheme standards and certifications, provide simple integration and enable live deployments within weeks rather than months. The combined Mint Payments and Thales solution expands card acceptance in a flexible and secure way, delivering clear benefits for the various adopters.

MINTERPRISE (FOR ENTERPRISES):Accepts a wide range of global/regional/national credit and debit card brands using smartphones and tablets supporting iOS and AndroidUtilizes the bank grade security infrastructure hosted by Mint, eliminating the need for banks, telcos and service providers to create their own in-house PCI DSS compliant mPOS payment gatewayOffers white label, custom branded or integrated solutions generating strong brand awareness and tight integration where necessary

MINT MPOS (FOR MERCHANTS):Enables merchants to offer secure mobile card acceptance to customers as an alternative to cashEliminates clear text payment data from the merchant environment (and hence PCI DSS compliance overhead) through the use of point-to-point encryption (P2PE)Benefits from an easy, quick on-boarding process as well as simple pricing options

© T

hale

s - A

pril

2017

• P

LB65

50

ABOUT THE SOLUTIONThales payShield 9000: proven, scalable payment system securityDesigned specifically for payments applications, payShield 9000 performs tasks such as PIN protection and validation, transaction processing, payment card issuance, and key management. Used in an estimated 80% of all payment card transactions, payShield 9000 is the most widely deployed payment HSM in the world. The HSM’s design benefits from over 25 years of Thales experience with payment system security, giving organizations confidence in a state-of-the-art solution that delivers an ideal combination of security and operational ease.

The cryptographic functionality and management features of payShield 9000 meet or exceed the card application and security audit requirements of the major international card schemes, including American Express, Discover, JCB, MasterCard, Union Pay and Visa. payShield 9000 is certified to FIPS 140-2 level 3 and is also available in configurations certified to the PCI HSM specification as published by the PCI Security Standards Council.

Front end Interface

Gateways/Banks

APIs

APIs

APIs

APIs

App

Hardware payShieldHardware Security Module

Payment Switch

Web Portals

Payment Sever

Mint Back end

White Label Business Logic Authentication Database

EMV Kernel UserManagement

MerchantManagement

BYO App

Chip & PIN

Chip& Sign

MerchantPortal

AdminPortal

Services

SMS Email