Our Payment Hardware Security Module as a Service (Payment HSMaaS) offering has successfully achieved certification under the GBIC/DK (German Banking Industry Committee / Deutsche Kreditwirtschaft) Approval Scheme.
This achievement confirms our full compliance with the rigorous security and operational requirements of the German banking sector for cryptographic processing of payment transactions.
New certification opens new opportunities for our customers
The GBIC/DK Approval Scheme is recognized as the gold standard for payment security in Germany. With this certification, Utimaco’s cloud-based Payment HSMaaS is validated to deliver the same level of trust, assurance, and security as certified on-premises hardware security modules.
This ensures seamless interoperability with German payment infrastructures and banking systems, enabling banks, payment processors, and service providers across Germany to confidently adopt our solution while maintaining compliance with several other national and international regulations, such as PCI DSS, PCI PIN, and PCI P2PE.
“GBIC/DK approval is a major milestone for Utimaco and our customers. It validates that our cloud-based Payment HSM platform delivers the same level of assurance, control, and compliance that banks expect from their traditional payment infrastructure, while offering the scalability and agility of the cloud.”
Darren Busby, Sales Director Trust as a Service, Utimaco
Trust built on certifications
The world of digital payments is built on a foundation of trust. For banks, fintechs, and payment processors, maintaining the security and integrity of every transaction is paramount.
This milestone validates our commitment to providing the highest level of security and compliance, empowering you to innovate with confidence.
Why DK Certification Matters for Payment Security
In the financial sector, compliance is not optional. Certifications provide independent assurance that a solution meets the industry's most stringent security requirements.
The GBIC Approval Scheme (also known as the Deutsche Kreditwirtschaft (DK) Approval Scheme) is the official certification framework defined by the German Banking Industry Committee (GBIC/DK), the body representing Germany’s leading banking associations. Its purpose is to ensure that all hardware, software, and cryptographic components used in the German banking and payments ecosystem meet the highest standards of security, interoperability, and reliability.
Here's why it matters:
National Standard of Trust:
GBIC/DK approval is recognized by all major German banks and payment institutions as the definitive benchmark for secure payment technology. It ensures that cryptographic systems can be safely used in environments handling sensitive customer data and financial transactions.
Proven Security Assurance:
Approved products have undergone independent testing and validation against GBIC/DK technical requirements, covering both hardware design and operational procedures. This ensures resilience against attacks, key compromise, and other security threats.
Regulatory and Scheme Compliance:
The certification aligns closely with global standards such as PCI DSS and PCI PIN, meaning that solutions approved under the GBIC/DK scheme also help organizations meet international regulatory obligations.
Interoperability and Ecosystem Integrity:
The approval guarantees that certified systems interoperate correctly with other DK-compliant components used across the German banking network, such as card issuance, ATM networks, and payment processors, ensuring seamless integration and a consistent security posture.
Confidence in Cloud Migration:
For banks transitioning from on-premises infrastructure to cloud-based services such as Utimaco’s, GBIC/DK approval provides assurance that security is not compromised by modern deployment models. It validates that even in a managed service or cloud environment, the same cryptographic trust anchors are maintained.
For C-level executives, this means reduced organizational risk and enhanced audit confidence. For technical leaders, it means a secure, pre-vetted platform that accelerates development and deployment without compromising on security.
What DK Validates: A Deeper Look
The DK certification is not a simple regulatory checkbox. It’s a cornerstone of trust in the German and European financial ecosystem, and it involves a comprehensive audit of the entire service, from the hardware to the operational procedures that govern it. This provides you with assurance across several key areas.
Under this scheme, Payment Hardware Security Modules (HSMs), PIN management systems, and other secure payment components must undergo a rigorous evaluation process. This process validates their compliance with DK specifications for:
- PIN encryption and decryption
- Key management and exchange protocols (e.g. TR-31, TR-34)
- Secure EMV and card data processing
- Cryptographic algorithms and implementation security
- Operational security and lifecycle controls
Only solutions that meet these technical and procedural standards are granted GBIC/DK Approval, meaning they are authorised for use within the German banking network.
Your Trusted Partner Accelerating Innovation with Cloud-Based Payment HSMaaS
Our DK-certified Payment HSMaaS is a key component of our broader Trust as a Service (TaaS) solution portfolio. With TaaS, we provide a comprehensive suite of cloud-based cybersecurity solutions designed to secure your data, transactions, and digital identities without the overhead of managing on-premises infrastructure.
Discover all the benefits of our Payment HSM as a Service and start transforming your payment security posture today.
