Thales payShield Reviews

The main use case involves transactions happening in banking environments. We are using it only for transaction-based scenarios, such as ATM PINs or general OTPs that we need for validations or verifications.

Thales payShield is the most secure solution with FIPS level 3 certification, making it virtually impossible to compromise. We primarily choose it because it handles critical applications requiring high TPS (transactions per second), approximately 1,000 TPS. Thales payShield can easily handle such transaction loads when traffic is good.

The encryption process is efficient due to the two-key system. The DEK (data encryption key) performs encryption quickly, processing approximately 1,000 TPS. The encryption speed is notably good.

The main competitors are Utimaco, G+D, and Futurex, though they do not match Thales payShield's level of performance.

Thales payShield provides most necessary features while maintaining security. As an HSM, it appropriately maintains limited features to ensure security while performing essential day-to-day operations.

Thales payShield is a superior product, particularly for transaction processing and banking environments. They have already made improvements from 9k to 10k versions.

The primary area for improvement would be pricing, which is currently quite high. Though the premium pricing reflects their market leadership position, a more flexible pricing model could help acquire more users.

Thales payShield is performing well as a solution.

For scalability, Thales payShield rates eight or nine out of ten because it can be scaled easily.

Technical support rates between six and seven out of ten. They take some time to respond due to their high number of clients.

Positive

The setup process for Thales payShield is simple and straightforward.

The main competitors are Utimaco, G+D, and Futurex, though they are not at Thales payShield's level of performance.

I primarily work with Thales CipherTrust Manager and have experience with both Luna and Thales payShield. For key management purposes, we typically use Luna or CipherTrust.

Thales payShield effectively supports cryptographic algorithms when integrated with legacy systems, particularly using AES-256 and RSA. The master key securing the algorithm provides enhanced security.

The transaction processing speed is impressive, with the ability to handle approximately 1,000 TPS. The solution is fully compliant with PCI HSM standards.

Overall rating for Thales payShield is 9 out of 10.

Thales payShield is primarily a payment HSM that secures transactions between banks and individuals, as well as between banks and FinTech companies.

The most valuable feature of Thales payShield is its performance. The device has smooth performance, and we can upgrade transactions per second with just a license. We can upgrade or downgrade the HSM without facing any unexpected issues, and the HSM works transparently in the network, making it valuable for banks and FinTechs due to its secure encryption capabilities, which are superior to any other HSM competitor.

There are areas of Thales payShield that could be improved. The physical rack mounting needs additional pieces such as reels or other mounting options. Sometimes we face issues related to the interface; the host interface doesn't work fine, and I've experienced this twice with customers, where one of the interfaces drops unexpectedly.

I have been working with Thales payShield for about two years.

The reliability and stability of Thales payShield are excellent, better than any competitors such as Utimaco or any other HSM.

Thales payShield integrates well with the most recent encryption algorithms such as RSA, MD5, and SHA, functioning fine and automatically upgrading when we update to the latest version. There's no need for any external support since everything works fine.

I communicate with Thales payShield technical support when needed. Sometimes we face challenges that require communication with their support team. They are usually helpful, but occasionally we need to explain issues multiple times for them to understand. They're available 24/7 for critical problems, but not on weekends.

I rate their support as a seven.

Positive

I participate in the initial setup and deployment of Thales payShield, including rack mounting the HSM, configuring it from scratch, adding licenses, and upgrading the firmware and security settings. I'm hands-on involved in the implementation.

I have been working with security technology, including SIEM solutions, data security such as Thales, Forcepoint, Fortinet, and Palo Alto. I worked with FortiGate with Thales and have experience with Thales technologies such as payShield and Luna, including Luna CM.

I act as a vendor in some projects, but we are distributors and partners for Thales. I work with all versions of Thales payShield, the latest version, and sometimes with version 1.88, including any version that's PCI certified.

Thales payShield's key management capabilities are excellent. We are able to generate and encrypt keys under the LMKs, integrating with multiple applications that work with PCI or not. We have many tools, such as remote payShield manager, that help us manage the keys.

The audit mechanisms for Thales payShield are very good, as it can work with our monitoring tool called payShield Monitor, and we can integrate it with multiple monitoring tools or SIEM solutions. Since firmware 2.0, we can add the syslog server for it, enabling us to monitor and audit the HSM and smoothly import audit logs without needing back-to-back connectivity to data centers.

Sometimes we face challenges with host commands, but those usually come from application teams, not from payShield itself. They have issues during application development that integrate with the HSM.

Thales payShield can adapt to customer needs by adding necessary security parameters from the beginning. We can perform auditing on the security settings of the HSM to work with applications and add PCI DSS certificates if required. We can also configure remote connections using the payShield manager, which is secure and beneficial for transaction handling. The HSM does not store keys, so it's adaptable to any application easily.

I rate Thales payShield a ten out of ten.