The Root of Trust for Payment Card and Payment Transaction Processing Use Cases


Designed for the Payment Card and Payment Transaction Industry

  • Provides certified hardware meeting strict compliance requirements for payment industry use cases
  • Specifically designed for cashless payment transaction processing, PIN transaction, card personalization and card issuance use cases
  • Includes a software simulator for evaluation and integration testing
Key Benefits

Key Benefits


Strong Compliance

PaymentServer meets the compliance requirements of PCI HSM, DK and is FIPS 140-2 Level 3 certified.


Specifically designed for Payment Card and Payment Transaction Processing

Targeted use in payment card schemes programs such as Visa, MasterCard, Amex and UnionPay.


Highly Customizable

PaymentServer provides a market-unique range of customization options, ranging from bespoke developments to certification services in order to obtain the necessary certification/ compliance for additional function requirements.



PaymentServer - The Root of Trust for Payment Card and Payment Transaction Processing Use Cases

Payment systems have evolved to keep pace with a changing economy. Keeping up with technology developments whilst meeting regulations and compliance standards are continuous challenges.

PaymentServer provides the ideal solution to meet these challenges. It is a highly secure and flexible HSM designed for transaction processing, PIN translation, card personalization and issuance, dedicated to its utilization in payment card schemes programs such as Visa, MasterCard, Amex and UnionPay.

PaymentServer has a high level of self-customization options, allowing the user to create their own unique and secret algorithms as well as customized service and support, in order to remain flexible and prepared for future certifications and compliance requirements . Before firmware integration, the integrated simulator with all HSM functionalities enables evaluation, development, and integration testing.

The high flexibility is also reflected in the capability to support both secure key storage inside the HSM and external encrypted key storage at a location of choice. Additionally, PaymentServer Includes API convergence enabling the user to utilize payment APIs as well as general purpose APIs such as a full set of PKCS #11 on the same HSM.

PaymentServer is available as SeGen 2 and CSe series.

High Security

  • True random number generator providing best-in-class entropy and high-quality keys
  • Strong cryptographic algorithms
  • 2FA and “n of n” quorum authentication
  • 2-factor authentication with smartcards    

Supports ePayment Specific Cryptographic Interfaces (APIs)

  • ByteBuffer Interface allowing to build the communication library and scripting C-API libraries for Windows and Linux independent from operating system
  • C-API as source code available for rapid integration on other operating systems (OS)    

Supported General Purpose Cryptographic Interfaces (APIs)

  • PKCS #11
  • JCE
  • CSP
  • CNG
  • Utimaco‘s high performance interface Cryptographic eXtended services Interface (CXI)

Supported Cryptographic Algorithms

  • Triple-DES, DES, AES
  • RSA
  • SHA-1, SHA2-Family, SHA3, RIPEMD
  • Hash-based deterministic random number generator
  • (DRG.4 acc. AIS 31)
  • DSA, ECDSA with NIST and Brainpool curves
  • DH, ECDH with NIST and Brainpool curves    

High Speed

  • Provides a speed of up to 2,600 PIN translations per second    

Broad range of functionalities

  • UKPT
  • EMV, Visa, MasterCard
  • Full TR-31 support
  • ISO Pin Block Formats 1, 2, 3, 4 (AES PIN Block)
  • Support for ARPC, ARQC and ARC
  • On behalf key management
  • 25 key derivations supported

Highly customizable

  • Possibility to integrate additional functions and modifications through professional services
  • Certification services from Utimaco in order to obtain the necessary certification/ compliance for any additional function requirements
  • Customizable architecture to easily add new key derivation methods    

Software simulator included

  • HSM Simulator with all PaymentServer functionalities
  • Fully functional runtime including all administration and configuration tools
  • For evaluation, development and integration testing of functionalities prior to integration in the firmware of the PaymentServer HSM    

Fulfills various security and compliance mandates

  • DK
  • FIPS 140-2 Level 3 (hardware and base firmware)

Environmental compliance

  • CE, FCC Class B
  • UL, IEC/EN 60950-1
  • CB certificate   


Our on-premise options allow hosting the product directly on-site in your own network or data center.

  • LAN Appliance
  • PCIe Card

u.trust 360

u.trust 360 Hub and Spoke Model


Your Centralized Management and Monitoring Platform

Utimaco u.trust 360 is a unified platform that enables centralized administration, monitoring and provisioning of multiple Atalla AT1000 and CryptoServer HSM appliances. It provides an easy-to-use GUI with natural event and decision flow to manage 100s of cryptographic resources more effectively.

  • Centrally manage and monitor your Atalla and CryptoServer LAN V5 HSMs
  • Remotely access your Atalla and CryptoServer LAN V5 HSMs
  • Benefit from real-time monitoring, configuration, and reporting - on premise or in the cloud

Find more details

CryptoServer SDK

The professional development environment for customized HSM solutions enabling the self-customization of PaymentServer to handle proprietary and secret algorithms.

Find more details

Contact us

We look forward to answering your questions.

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.