AWS Payment Cryptography now supports paper-based key exchange

Posted on: Apr 30, 2026

AWS Payment Cryptography now supports Physical Key Exchange, a new PCI PIN and P2PE compliant feature for performing paper-based cryptographic key exchange with the service without needing to maintain your own secure key loading infrastructure. If your partners or vendors do not support electronic key exchange, Physical Key Exchange provides an option to exchange cryptographic keys to accelerate your migration. AWS Payment Cryptography is a managed service that provides elastic key management and cryptographic operations for your cloud-hosted payment applications.

Although electronic key exchange is preferred, some counterparties are not yet ready to support it, requiring organizations to maintain Hardware Security Modules (HSMs) and Key Loading Devices (KLDs) to perform paper-based key ceremonies in a compliant manner. Maintaining this infrastructure is costly and operationally burdensome, especially for key exchanges that occur only a few times per year. With Physical Key Exchange, paper key components are shipped to trained AWS key custodians, who handle them securely and perform key ceremonies in AWS-operated secure facilities that meet the PCI PIN and P2PE physical and logical security requirements. Once loaded into AWS Payment Cryptography, keys are available to perform cryptographic operations.

For details on key exchange options in AWS Payment Cryptography, see the User Guide: Physical Key Exchange for paper-based key exchange, and importing and exporting keys for electronic key exchange. For pricing details, visit the pricing page. To get started, open an AWS support case or contact your AWS account team.