Enables 3-D Secure online payments
payShield Cardholder Authentication can be easily deployed to secure online credit and debit card payments using 3-D Secure. Better known by its major implementations, Verified by Visa and MasterCard SecureCode, it has successfully reduced fraud in online payments by requiring the cardholder to confirm the payment using a shared secret, often a pre-arranged password, that is known only to the issuer and cardholder.
Authenticates EMV cardholders for online banking (CAP/DPA)
Financial institutions can combat the rising fraud levels through phishing in online banking through EMV-based cardholder authentication. Implemented by the major card schemes as MasterCard Chip Authentication Program (CAP) and Visa Dynamic Passcode Authentication (DPA), this technology uses a challenge-response mechanism with a bank card and a low-cost card reader to authenticate the cardholder. payShield Cardholder Authentication can easily be integrated with online banking applications to provide back-office, EMV-based authentication.
Integrates with off-the-shelf cardholder authentication solutions
Instead of using a proprietary method for authenticating users in online portals, many vendors of cardholder authentication solutions use the EMV-based challenge-response mechanism used in CAP/DPA. For this purpose, payShield Cardholder Authentication is compatible with third-party solutions including those from ActivIdentity, Arcot, Bell ID and Gemalto.
Protects security codes and account numbers in Interactive Voice Recognition systems
Have you ever heard the following prompt when phoning our bank or credit card issuer: “Enter or say your security code and press hash?” payShield Cardholder Authentication can be integrated with Interactive Voice Recognition (IVR) systems to ensure that security codes and account numbers are safe from data breaches through internal staff, malicious code, and hackers.
Provides easy integration with developer toolkit
The payShield Developer Software helps organizations to integrate secure Cardholder Authentication into their web services applications using a Java or C environments. This developer toolkit is included in the payShield Cardholder Authentication for nShield license.
Performs payment and general HSM functions
Because payShield Cardholder Authentication is an option for a general-purpose HSM, organizations can also leverage general HSM functionality, for example manage keys for database encryption or web applications.
Imports externally created keys to HSMs
The optional payShield Key Loading Device enables organizations to manually enter an encryption key, such as a Zone Master Key (ZMK). Security officers can load key fragments onto separate smartcards before importing them into an nShield HSM. It can also be used for non-payment keys.
Runs on FIPS and Common Criteria validated nShield hardware security modules
Following security best practice, payShield Cardholder Authentication runs on hardware security modules that protect keys against logical and physical attacks. It is compatible with nShield Solo (FIPS 140-2 Level 3 models only) and nShield Connect. The 
HSMs are validated to FIPS 140-2 Level 3 and Common Criteria EAL 4+. To provide enhanced business continuity for cardholder authentication, nShield Connect features dual, hot-swap power supplies; several modules can be combined for load balancing and fail-over.