Buying a cup of coffee in a coffee shop or ordering a single product on an e-commerce platform involves many links in financial payment behind the consumption process, and the encryption of financial data storage and circulation is an important link in ensuring financial security .
Encryption is the biggest challenge in securing the payment process for consumers. Jiang Xuesen, chief security evangelist of Amazon Cloud Technology, said, "First of all, the password of the consumer's payment card can only be compared with the issuing bank of the card, and other participants in the middle (merchants, payment gateways, acquiring banks, and card organizations) cannot. If any plaintext is exposed, any link in the middle cannot be decrypted. Second, for cross-bank transactions, encrypted information needs to ensure that the intermediate participants cannot see the password, but at the same time they need to let them know the next step. who."
"In the payment process of the financial industry, the key and decryption process, as well as the comparison process, must be carried out in a special encryption machine (HSM), to ensure its security, no one's participation, no one can Steal the key. What Amazon Cloud Technology is doing is providing encryption and keys for financial payments," he said.
Recently, Amazon Cloud Technology announced the launch of Amazon Payment Cryptography, a financial payment encryption service, which provides encryption and key functions for payment processing applications and simplifies the processing of payment applications for debit cards, credit cards, and stored value cards for data protection. cryptographic operations.
Using Amazon Payment Cryptography, financial service providers and processors can migrate their payment-specific encryption and key management functions to the cloud, eliminating the need to provision and manage on-premises financial data encryption machines, while meeting compliance requirements.
Applications using HSMs are often demanding due to the complexity of payment processing, time sensitivity, high regulatory requirements, and the need for multiple financial service providers and payment networks to work together. Every payment involves exchanging data between two or more financial service providers, and each step must be decrypted, transformed, encrypted or authenticated. This requires the financial service providers involved in the process to have high-performance encryption capabilities and key management procedures.
And these providers may have thousands of keys to secure, manage, rotate, and audit, making the entire process expensive and difficult to scale. In addition, the use of HSMs in the past has involved complex and error-prone processes, such as exchanging keys using key components printed on paper, and then separately couriered to multiple key custodians, who will store these components in the safe house. combine.
At present, cross-border e-commerce is becoming more and more active, and Chinese companies going overseas have entered a white-hot stage. Many companies going overseas are facing difficulties in the payment process.
Jiang Xuesen said that to handle the payment process, small merchants going overseas generally look for third-party payment gateways, but the handling fees are very high. On the other hand, large-scale overseas companies will consider building their own payment system and need to use payment encryption technology, so they usually need to use the encryption machine necessary for the standard payment encryption process.
"To buy an encryption machine, you need to use a computer room and hire people. These are all costs. The cost of a single encryption machine is about 400,000 to 500,000 in the world. A merchant going overseas has to go to different locations around the world. , it may be on the scale of 10 or 20 units once it goes online." Jiang Xuesen said.
It is reported that Amazon Cloud Technology's latest Amazon Payment Cryptography can generate keys, import and export electronically, and automate key management (storage, rotation, backup, and recovery). Bai Fan, Product Director of Security Compliance and Governance of Amazon Cloud Technology Greater China, said, "Slightly larger merchants no longer need to pre-configure and manage local financial data encryption machines, and at the same time can meet the compliance requirements of different regions; small and medium-sized enterprises use this The service can be paid according to the actual usage according to the number of active keys and the number of API calls, which can avoid the high transaction fee charged by the third-party payment platform according to the transaction amount. At the same time, for the certification related to PCI (payment card industry), Amazon cloud technology In addition to providing technology, it also provides courses and coaching training to customers."
Amazon Payment Cryptography is currently available in the Amazon Cloud Technology US East (Northern Virginia) and US West (Oregon) regions, and other regions will be launched soon.