Skip to content
UniPayGateway
  • Why UniPay?
    • Merchant
    • ISO
    • Software Provider
    • Billing Company
    • Collections Company
  • Payment Solution
    • Payments as Service
    • White Label Gateway
    • On-Premises Solution
    • EMV Terminal Solutions
    • PayFac Model
  • Pricing
  • Services
    • Legacy System Replacement
    • Processing Consolidation
    • Payment Ecosystem Landscaping
    • PayFac Implementation
    • EMV Implementation
  • Webinars
  • Resource Hub
    • Trending Articles
    • Guides
    • Press Releases
    • Payment Advice
    • Infographics
    • Expert Consultation
    • UniPay Modules
    • Video Guides
    • FAQ
Demo
Home UniPay Gateway Payment Advice HSM, Tokenization Appliance, or both?
Share

What to Choose HSM, Tokenization Appliance, or both?

It is important to understand, that hardware security modules (or HSM) and tokenization appliances represent two types of devices which work together, but cannot replace each other.

Tokenization appliance

A tokenization appliance is intended for implementation of vault functionality. However, some functions related to encryption and decryption of cardholder data, are “delegated” to the HSM. In order to communicate with a hardware security module, a tokenization appliance has a respective API. As PCI compliance requires encryption keys to be changed approximately once a month, a tokenization appliance has in-built key rotation functionality (which an HSM doesn’t have).

HSM

An HSM is, basically, intended for encryption and decryption of card numbers, verification of PINs and EMV cryptograms. However, without a tokenization appliance an HSM is unable to decrypt the data.

Tokenization appliance and HSM together

Together tokenization appliance and HSM enable you to implement a variety of cardholder data protection functions. These include not only tokenization, but point-to-point encryption (P2PE), processing of PINs, as well as card issuance.

 In order to implement vault functionality, it is not necessary to purchase a tokenization appliance. The other two options are licensing of vault software, compatible with your HSM, or developing it yourself.

 More information on tokenization appliances and HSM is available in the respective article on #Paylosophy.