search product
  IT News Update
Out of Band Management Infrastructure(OOBI)
RAMSAN Flash Storage
IBM System X Server
KVM Extender
Hardware Security Modules (HSMs)
Thales Hardware Security Modules (HSMs)
Identity Management Products
Key Management Systems
Network Encryption Appliances
Time Stamping
UNC Power & Facility
Cisco UCS C-Series Rack-Mount Servers
HP ProLiant Rack Servers
HP ProLiant Tower Servers
HP ProLiant Option for Gen8
>> HOME / Hardware Security Modules (HSMs) / Hardware Security Modules (HSMs) / THALES ...
Product Compare Email Forwarding Print
Thales payShield 9000
Designed specifically for payments applications, payShield 9000 from Thales e-Security is a proven hardware security module (HSM) that performs tasks such as PIN protection and validation, transaction processing, payment card issuance, and key management. payShield 9000 is the most widely deployed payment HSM in the world, used in an estimated 80% of all payment card transactions. The payShield 9000 design benefits from over 25 years of Thales experience with payment system security, giving organizations confidence in a state-of-the-art solution that delivers an ideal combination of security and operational ease. The payShield 9000 device is deployed as an external peripheral for mainframes and servers running card issuing and payment processing software applications for the electronic payments industrydelivering high assurance protection for Automated Teller Machine (ATM) and Point of Sale (POS) credit and debit card transactions. The cryptographic functionality and management features of payShield 9000 meet or exceed the card application and security audit requirements of the major international card schemes, including American Express, Discover, JCB, MasterCard, UnionPay, and Visa. payShield 9000 is certified to FIPS 140-2 level 3 and is also available in configurations certified to the PCI HSM v1.0 specification as published by the PCI Security Standards Council.

Price : Call Price
status: Available
Quantity Unit

payShield 9000 Features


Security Features


  • PCI HSM security certification on selected configurations enables users to plan their migration to PCI compliant environments in advance of anticipated future card scheme mandates. Multiple local master keys (LMKs) in a single HSM provide cryptographic isolation between different applications or tenants that share a common HSM. This is ideally suited to service bureaus who can establish complete key database separation between their multiple banking clients. Optional Key Management Device (KMD) enables security staff to manage key components, reconstitute keys, and export application keys in a highly secure portable device without the need to make a physical connection to a production HSM.
  • Secure audit trail satisfies the requirements of the latest banking industry security audit standards and provides peace of mind that all security-sensitive operations being carried out on the HSM are recorded and available for review.

    Operational Features

  • Optional Remote HSM Manager lowers operating costs and enables a security team from a central location to manage multiple HSMs in multiple data centers without the need for travel. Utilization statistics enable users to monitor the commands being performed over any user-selected time period in order to assist with capacity planning and avoid performance bottlenecks. High resilience features in the form of dual power supplies and dual Ethernet host ports provide maximum uptime and provide flexibility in data center maintenance and support.
  • Software-upgradeable and customizable functionality enables organizations to maximize the value of their initial hardware investment and to satisfy their specific requirements in a cost effective, secure, and timely manner.
    payShield 9000 Specifications 


    Cryptographic algorithms supported


        DES and Triple DES (key lengths 112 bit, 168 bit) AES (key lengths 128 bit, 192 bit, 256 bit)
    • Asymmetric
      • RSA (key lengths up to 2048 bit)
      • SHA-1 SHA-2


      FIPS 140-2 level 3
    • PCI HSM V1 (selected configurations only)
    • APCA

    Key Management Support:

      Thales Key Block (compliant with ANSI X9.24; superset of X9 TR-31)
    • X9 TR-31 Key Block
    • RSA Public Key
    • DUKPT for PIN and data encryption
    • Master/Session Key Scheme
    • Racal Transaction Key Scheme AS2805

    Host connectivity:

      TCP/IP and UDP (10, 100, 1000 Base-T) dual ports for resilience
    • FICON (factory fitted option) Asynchronous (V.24, RS-232)

    Applications supported:

      ACI: BASE24, Postilion
    • Aconite: Affina Enterprise, Mobile Application Manager
    • BPC: SmartVista
    • Clear2Pay: Open card System
    • CompassPlus: TranzWare Online, TranzWare Card Factory
    • CR2: BankWorld, CardWorld
    • CreditCall: CardEase Mobile
    • Euronet: Integrated Transaction Management
    • First Data: VisionPlus
    • FIS: Connex, Cortex
    • Gemalto: Ezio on Mobile
    • Jack Henry Banking: jhaPassPort
    • Lusis: Tango
    • OpenWay: Way4, Way4 Data Preparation and Card Personalisation
    • Prime Factors: Bank Card Security System
    • Royal Gate: Paygate
    • RS2: Bankworks, Bankworks Issuing
    • Tieto: Payment Suite, Card Suite
    • TII Smart Solutions: TranServer
    • TPS: IRIS Enterprise Switch
    • TSYS: Prime, Prime Issuer Wincor Nixdorf: ProcClassic/Enterprise

    Base Software Packages
    Each payShield 9000 is configured with one of a selection of base software packages that closely reflect the intended usage of the product. The range of packages currently supported includes functionality relevant to transaction processing, magnetic stripe card issuing, EMV card issuing, point-to-point encryption (P2PE), mobile point-of-sale (mPOS), and mobile payments.

    Optional Software Licenses

    In additional to the base software package, additional functions can be added through a series of optional licenses which can be purchased independently and installed at any time throughout the product lifecycle. The functionality supported by the various optional licenses includes secure host communications, user authentication, data protection, enhanced key management (including multiple LMK support), regional payment options, high performance RSA key generation, and PIN/key mailer printing.


    payShield 9000 is available in a range of performance levels. As transaction volumes grow the customer has the option to deploy additional HSMs to meet the higher load requirements or if applicable purchase a performance upgrade for an existing HSM. The performance upgrade has the advantage of requiring just an upgraded software license to be applied with no physical hardware changes necessary.

    Remote HSM Manager

    As an alternative to the Local HSM Manager supplied as standard with payShield 9000 (which requires a direct physical connection to the HSM), Remote HSM Manager is a separate standalone system (running on a remote PC/laptop) which provides the ability to perform all administration tasks remote from the data center and without the need for the security team to be in the physical presence of the HSM.

    Key Management Device

    The Key Management Device (KMD) is a standalone handheld device that supports the forming of a key from its constituent components in a highly secure manner without the need to have a physical connection to a production HSM.
    Security Resource Manager (SRM) for Tandem Host Systems
    The Tandem SRM is a software application that runs on the Tandem host system and is the interface between the host payment application and the bank of HSMs. Its main purpose is to provide load balancing and resilience, enabling the host application to communicate through a simple interface to the SRM without having to manage the complexity of multiple HSMs they will appear as a logical single HSM resource.

    Security Resource Manager (SRM) for IBM Host Systems

    The IBM SRM is a software application that runs on the IBM host system and is the interface between the host payment application and the bank of HSMs. Its main purpose is to provide load balancing and resilience, enabling the host application to communicate through a simple interface to the SRM without having to manage the complexity of multiple HSMsthey will appear as a logical single HSM resource.
    Additional Smart Cards
    Each payShield 9000 is shipped with a set of blank LMK component cards together with test LMK cards. Additional packs of 6 cards are available to assist with individual user configurations where a large number of cards are necessary to meet operational and security requirements across multiple data centers. All smart cards can be used with all current and legacy Thales payment HSMs payShield 9000, HSM 8000 and RG7000.
    Cabinets and Runner Kits
    Customers can choose from a wide range of cabinets of different heights to suit their individual data center storage requirements. Complementary runners are available as kits to fit to the sides of the payShield 9000.
    Replacement Locks and Keys
    payShield 9000 uses two highly secure locks with associated keys on the front panel as part of the security administration procedures. The items are tightly controlled and registered and are not available on the open market. Thales provides a lock replacement and additional key supply service where for example locks are damaged or keys are lost.
    Adapter Cables
    payShield 9000 makes use of USB ports on its rear panel to provide connectivity for peripherals such as consoles and printers. In the legacy range of payment HSMs RS232 D-Type or Centronics parallel printer ports were supplied. For customers needing to reuse legacy cables, Thales is able to provide adapters to convert the end of the cables to the USB format.
    Ѻ´ سҵԴͺ ҧѾ02 2482090 ͷҧ Թԡ ʹ 

    Home | Product | Shopping Cart | Product Search | About Us | How to order | Member Login | Member Register | FAQ | Contact Us

    Copyright © 2019 Universal NetCom Solutions (UNCS) Co., Ltd.

    144/26 Building A, Klongjun Place, Seri Thai Road, Klongjun, Bangkapi, Bangkok , Thailand 10240

    Tel: +66 (0)2 377 0026 +66 (0)81 3598221 press 0 + Fax: +66 (0)2 377 0035