Prime Factors Blog

HSM Management - Distinguishing Legitimate PIN Management from Attacks?

Posted by Mary Still on Apr 16, 2015 4:00:00 AM


When Jeff Cherrington and I first introduced HSM Surveyor™ in a webinar last February, the audience submitted many questions, more than we had time to answer before the end of the session. As promised, each will be addressed in Prime Factors' blog, including this one:

Fraud detection, PIN attacks -- how does HSM Surveyor distinguish between regular, legitimate PIN generation/verification versus attacks on the PIN management process?

Identifying and protecting against such attacks must be addressed as part of enterprise PIN management, both to safeguard payment card issuers from fraud and to preserve the integrity of the payments ecosystem. A PIN attack is a fraudster's attempt to find the correct PIN for a stolen or cloned card by brute force: submitting candidate PINs for verification until one is accepted. HSM Surveyor, when applied to Thales e-Security®'s payShield® 9000 hardware security modules, reduces the risk of a successful attack, provided that each component is configured appropriately.

The payShield includes controls for setting thresholds on the number of incorrect PIN verification attempts permitted within one minute and within one hour. Each time either threshold is exceeded, a counter is incremented. If that counter in turn exceeds its own configurable threshold, a PIN attack may be in progress. The limits count incorrect attempts only, so a legitimate cardholder who mistypes a PIN is not what trips them; a sustained stream of failed verifications is. Because the thresholds are HSM configuration rather than per-card limits, they should be chosen from the issuer's normal rate of failed verifications on that HSM, or ordinary traffic will produce false alarms.
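To make the mechanics concrete, the following is an added example and not Prime Factors' or Thales' code: it models the controls just described as two sliding windows over incorrect PIN verifications, a breach counter that advances each time either limit is exceeded, and an alarm once that counter passes its own limit, then runs the logic over constructed log lines for ordinary cardholder traffic, a fast brute force and a slow one. The threshold values, the log format, the rule that each window crossing is counted once, and every log line are assumptions made for the example; the exact way a real payShield counts a breach may differ.

```python
"""Sliding-window model of the PIN velocity controls described above.

Added illustration, not Prime Factors' or Thales' code: thresholds, log
format and all log lines are constructed for the example.
"""
from collections import deque
from datetime import datetime, timedelta


class PinAttackDetector:
    """Two sliding windows over *incorrect* PIN verifications (60 s and 3600 s),
    a breach counter that advances each time either limit is exceeded, and an
    alarm once that counter passes its own limit."""

    def __init__(self, per_minute=5, per_hour=30, breach_limit=2):
        # Hypothetical limits; on a real HSM the security officer sets them.
        self.per_minute, self.per_hour, self.breach_limit = per_minute, per_hour, breach_limit
        self._minute = deque()    # timestamps of failures within the last 60 s
        self._hour = deque()      # timestamps of failures within the last 3600 s
        self.breach_count = 0     # the "counter" the text refers to
        self.alarm = False

    def _check(self, window, now, width, limit):
        while window and now - window[0] >= width:   # drop failures outside the window
            window.popleft()
        window.append(now)
        if len(window) > limit:
            # Modelling choice: count each crossing once and restart the window,
            # so a sustained burst yields one breach per window, not per failure.
            self.breach_count += 1
            window.clear()
            if self.breach_count > self.breach_limit:
                self.alarm = True

    def observe(self, ts, ok):
        """Record one PIN verification at time ts (seconds); return True once alarmed."""
        if not ok:   # correct PINs never count against the limits
            self._check(self._minute, ts, 60, self.per_minute)
            self._check(self._hour, ts, 3600, self.per_hour)
        return self.alarm


LOG_FORMAT = "%Y-%m-%dT%H:%M:%S"
EPOCH = datetime(2015, 1, 1)   # any fixed origin works; only differences matter


def parse_line(line):
    """Parse a constructed line such as
    '2015-04-16T04:03:17 PIN_VERIFY card=5500**0004 result=FAIL'
    into (seconds since EPOCH, verification succeeded)."""
    ts_text, _command, _card, result = line.split()
    seconds = int((datetime.strptime(ts_text, LOG_FORMAT) - EPOCH).total_seconds())
    return seconds, result == "result=OK"


def run(lines, detector=None):
    """Feed log lines through a detector.
    Returns (breach_count, alarm raised, timestamp of the first alarm or None)."""
    det = detector or PinAttackDetector()
    first_alarm = None
    for line in lines:
        ts, ok = parse_line(line)
        if det.observe(ts, ok) and first_alarm is None:
            first_alarm = ts
    return det.breach_count, det.alarm, first_alarm


def _synthetic(base, count, spacing, card):
    """Constructed failures for one card, `spacing` seconds apart."""
    return [f"{(base + timedelta(seconds=spacing * k)).strftime(LOG_FORMAT)} "
            f"PIN_VERIFY card={card} result=FAIL" for k in range(count)]


# Constructed traffic: ordinary cardholder mistypes, a fast brute force, a slow one.
LEGIT_LOG = [
    "2015-04-16T04:00:01 PIN_VERIFY card=4111**1111 result=OK",
    "2015-04-16T04:03:17 PIN_VERIFY card=5500**0004 result=FAIL",
    "2015-04-16T04:03:40 PIN_VERIFY card=5500**0004 result=OK",
    "2015-04-16T04:21:05 PIN_VERIFY card=3400**0009 result=FAIL",
    "2015-04-16T04:21:33 PIN_VERIFY card=3400**0009 result=FAIL",
    "2015-04-16T04:22:02 PIN_VERIFY card=3400**0009 result=OK",
]
# 20 wrong PINs in under a minute: trips the per-minute limit three times.
FAST_ATTACK_LOG = _synthetic(datetime(2015, 4, 16, 5, 10, 0), 20, 3, "4111**1111")
# 36 wrong PINs, one every 100 s: never trips the per-minute limit, but the
# per-hour limit catches it (31 failures inside one hour).
SLOW_ATTACK_LOG = _synthetic(datetime(2015, 4, 16, 6, 0, 0), 36, 100, "6011**0004")


if __name__ == "__main__":
    for name, log in [("legit", LEGIT_LOG), ("fast", FAST_ATTACK_LOG), ("slow", SLOW_ATTACK_LOG)]:
        print(name, run(log))
```

The slow attack is the case worth noticing: it stays under the per-minute limit indefinitely and is only caught by the per-hour window, which is why both thresholds exist. With the limits above, the fast attack alarms on its 18th failed verification, while the cardholder mistypes in the legitimate log never move the breach counter at all.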

HSM Surveyor, configured to monitor a payShield with these controls set, then displays the counter values in either the Health Check Accumulated Counts view or the Instantaneous Health Check view.

Either view, or both together, can help fraud detection staff and data center personnel identify a PIN attack early as part of routine HSM management: as their names suggest, the accumulated view shows how often the thresholds have been crossed over time, while the instantaneous view shows the current state.

For a broader discussion of HSM Surveyor, what it does, and how it may be used, register for a replay of our recent webinar, Learn How to Take the Guesswork Out of HSM Monitoring.



Topics: HSM Management