What is the difference between a General Purpose HSM and a Financial HSM?

Definition: HSMs (Hardware Security Modules) are hardware devices that generate, store and protect cryptographic keys. They are also responsible for functions such as encryption, decryption, signing and authentication. HSMs are physically separated from their servers and can also be found in the cloud (HSM in cloud).

HSMs have become a very important element to protect the confidential data of both an organization and a user. There are two types of HSMs: General Purpose HSM and Financial HSM (also called Payment HSM). In this article, we will explain the differences between them. But to understand the differences, we first need to know what each one consists of.


General Purpose HSM and Financial HSM explained

What is the General Purpose HSM?

General Purpose HSMs are a type of Hardware Security Module that provides general cryptographic commands, which return sensitive information to the software application. They are very flexible, as they can be used in any application that uses cryptographic keys and does not require the additional functions of a Financial HSM.

General Purpose HSMs comply with numerous security standards, such as the following:

  • PCI DSS.
  • PCI 3DS (Server 3DS).
  • GDPR.
  • eIDAS.

What is the Financial HSM?

The Financial HSM is a Hardware Security Module that has a set of enhanced features that are necessary to comply with payment industry standards. Financial HSMs enforce management under dual control and provide the specific cryptographic commands that are required to ensure that the sensitive information being handled does not go out of the HSM.

The Payment Card Industry Security Standards Council has a number of standards related to payment security. Listed below are the most common uses which, according to the standards, require the use of Financial HSMs such as PCI PTS HSM.

  • Security PIN.
  • P2PE.
  • 3DS (ACS any DS).
  • Card production.
  • TSP.
  • SPoC.
  • CPoC.

Requirements within the listed standards mean that HSMs must provide payment industry-specific functionality.

Differences between the two types of Hardware Security Module

Summing up, the first major difference between the two types of Hardware Security Module is that they have different uses. The General Purpose HSM is used for digital signatures, to encrypt or decrypt information, to verify and validate digital identity, or to generate and safeguard PKI keys. The Financial HSM can be used to generate, manage and validate the PIN, to recharge the card, to validate the card, user and cryptogram during payment transaction processing, to share keys securely, or to issue payment credentials for payment cards and mobile apps.

Another difference is related to cryptographic commands. While the General Purpose HSM offers general cryptographic commands, the Financial HSM offers more specific cryptographic commands so that information does not leave the HSM.
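The command-set difference described above, shown as an added example in Python; it is a simulation written for this article's explanation, not Utimaco code or the API of any real HSM. The class and method names are hypothetical, the cipher is a labelled stand-in, and the PIN and card number are constructed test values.

```python
import hashlib
import hmac
import os

def _cipher(key, nonce, data):
    # Stand-in (XOR with HMAC-SHA256 keystream, symmetric); real HSMs use TDES/AES.
    pad = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(d ^ p for d, p in zip(data, pad))

def iso0_pin_block(pin, pan):
    # ISO 9564 format 0: PIN field XOR the 12 PAN digits before the check digit.
    pin_field = bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))
    pan_field = bytes.fromhex("0000" + pan[-13:-1])
    return bytes(a ^ b for a, b in zip(pin_field, pan_field))

class SimulatedHSM:
    """Keys are created inside and referenced by label; callers never hold them."""
    def __init__(self):
        self._keys = {}
    def generate_key(self, label):
        self._keys[label] = os.urandom(32)
    def encrypt(self, label, data):
        nonce = os.urandom(16)
        return nonce, _cipher(self._keys[label], nonce, data)

class GeneralPurposeHSM(SimulatedHSM):
    def decrypt(self, label, blob):
        # General command: the cleartext goes back to the calling application.
        return _cipher(self._keys[label], *blob)

class PaymentHSM(SimulatedHSM):
    # No generic decrypt command; only PIN-specific commands are exposed.
    def translate_pin_block(self, src, dst, blob):
        clear = _cipher(self._keys[src], *blob)  # exists only inside this call
        return self.encrypt(dst, clear)
    def pin_blocks_match(self, label_a, blob_a, label_b, blob_b):
        a = _cipher(self._keys[label_a], *blob_a)
        b = _cipher(self._keys[label_b], *blob_b)
        return hmac.compare_digest(a, b)  # caller learns only yes/no

if __name__ == "__main__":
    block = iso0_pin_block("1234", "4000001234567899")  # constructed test values
    gp, pay = GeneralPurposeHSM(), PaymentHSM()
    gp.generate_key("app")
    print("general purpose returns:", gp.decrypt("app", gp.encrypt("app", block)).hex())
    pay.generate_key("terminal")
    pay.generate_key("issuer")
    at_terminal = pay.encrypt("terminal", block)  # stands in for the PIN pad
    for_issuer = pay.translate_pin_block("terminal", "issuer", at_terminal)
    print("payment HSM returns:", pay.pin_blocks_match("terminal", at_terminal, "issuer", for_issuer))
```

The general-purpose call hands the clear PIN block back to the application, while the payment-style commands return only a re-encrypted block or a yes/no answer.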

Finally, the security standards met by each one are also different, as we have seen above.

The best HSM solution is at Utimaco

HSM solutions have become one of the best ways to protect all our confidential information. They have multiple advantages, are useful in many sectors and offer unique features. At Utimaco we have the best HSM devices on the market so you can shield your information and be safe on the Internet. If you have any questions, please do not hesitate to contact us. We will be pleased to help you.


