Migration to MYHSM

A detailed migration process has been developed to make the move to MYHSM as seamless and risk-free as possible.

Moving from the status quo of operating and managing Payment HSMs in-house, to outsourcing the whole ecosystem to a fully managed service is a brand new concept that some payment companies are understandably cautious about.

Just a few years ago the idea that traditional banks would move their mission-critical payment systems to the cloud was questionable, now confidence in the cloud has increased and companies want to get rid of their physical infrastructure and focus on their core business. As a result, the cloud is now quickly becoming the de facto choice for payment systems deployment around the world, with Microsoft Azure and Amazon Web Services leading the way.

The remaining piece of the puzzle for migrating to the cloud however is the Payment HSM; the public cloud cannot support them. This gap is filled by MYHSM which offers a proven and fully PCI PIN compliant solution. Yet to take advantage of this new alternative requires a change in mindset, and accepting the idea of sharing responsibility for your top level encryption keys with the MYHSM security officers under a fool-proof, secure and approved set of processes together with an Attestation of Compliance (AoC) as evidence for your own PCI auditors.

When migrating to MYHSM your existing Master File Key (MFK) are never shared, instead MYHSM creates a new unique MFK for your company during a monitored Key Ceremony at its certified Secure Operating Centre. All keys that are currently encrypted under your existing MFK will be migrated to this new MFK under a Zone Master Key (ZMK). The ZMK having been shared using multiple components managed efficiently via a workflow on the MYHSM portal.

Below we have outlined some factors for consideration when migrating to MYHSM.


Get in touch
with our experts

Contact Us