AWS Payment Cryptography Documentation

AWS Payment Cryptography is designed to support integration for payment processing applications.

Elasticity

Hardware security modules (HSMs) traditionally anchor your payment workloads to on-premises data centers. AWS Payment Cryptography is designed to replace those HSMs with an elastic AWS service.

Key management

AWS Payment Cryptography is designed to support payment key management, including importing and generating keys, key management (store, rotate, back up, recover, and shred), and exporting keys. The service is also designed to implement and enforce key block attributes such as key usage and modes of use. Tags can be used to manage keys shared with business partners.

Compliance

AWS Payment Cryptography is designed to meet payment card industry (PCI) standards including PIN Security, Point-to-Point Encryption (P2PE), Data Security Standard (DSS), and PCI 3-D Secure (3DS). The service provides AWS CloudTrail logs for key management activities to support customer compliance reporting. Cryptographic key metadata is reviewable through list key and get key APIs to provide information needed for PCI PIN, PCI P2PE, and other compliance programs.

Security and quality controls in AWS Payment Cryptography have been validated and certified by compliance regimes including:

  • PCI PIN Security
  • PCI Data Security Standard (DSS)
  • PCI 3-D Secure (3DS)

Security

As a managed service, AWS Payment Cryptography can help you meet your security and compliance needs as outlined in the AWS Shared Responsibility Model. Under this model, AWS is responsible for maintaining the infrastructure of the cloud, including the HSM hardware used to provide the service. You can implement appropriate access controls using AWS IAM policies and audit usage using Amazon CloudWatch and AWS CloudTrail.

AWS Payment Cryptography integrates into standard AWS tooling such as AWS IAM, allowing for fine-grained permission controls on both an API and key resource basis.

Scaling and availability

AWS Payment Cryptography is designed to support scaling of payment cryptographic operations.

Integration

AWS Payment Cryptography offers cryptography operations for your payment applications through RESTful APIs. These APIs are designed to provide methods to perform common use cases in the payment industry.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.