AWS Payment Cryptography Pricing

With AWS Payment Cryptography, you only pay for what you use. There is no upfront commitment or minimum fee. There are two components that determine your bill: charges per API call initiated and the number of active keys (secrets used for cryptographic operations).

Active keys are any keys that have been created or imported into the service with a KeyState of CREATE_COMPLETE. Active keys are billed on a pro-rated basis in one hour increments.

You have an issuer processing application in US East (N. Virginia) that uses AWS Payment Cryptography as part of transaction authorization. You process 50,000 card transactions per month and each card transaction makes 2 API calls to AWS Payment Cryptography for a total of 100,000 API calls per month. These calls are made using a total of 10 active encryption keys. We calculate your cost per month as follows:

You have a payment processing application in US West (Oregon) that uses AWS Payment Cryptography as part of transaction switching and routing. You process fifteen million card transactions per month and each card transaction makes two API calls to AWS Payment Cryptography for a total of thirty million API calls per month. These calls are made using a total of 20 active encryption keys. We calculate your cost per month as follows:

You have a payment processing application in US East (Virginia) and US West (Oregon) that uses AWS Payment Cryptography as part of transaction switching and routing. You process 100 million card transactions per month and each card transaction makes two API calls to AWS Payment Cryptography for a total of 200 million API calls per month.  20 keys are used to handle this workload.  This traffic is load balanced across each Region and multi-region keys are used to ensure that both Regions can handle the traffic.  We calculate your cost per month as follows:

AWS Payment Cryptography Physical Key Exchange simplifies the process of securely converting paper-based cryptographic key components into digital format without needing to maintain your own secure key loading infrastructure or use third-party key custodian services. If your partners or vendors do not support electronic key exchange, you can use Physical Key Exchange for paper-based key exchanges. You or your partners/vendors ship paper key components to trained AWS key custodians, who handle them securely and perform key ceremonies in AWS-operated secure facilities that meet Payment Card Industry (PCI) PIN and P2PE physical and logical security requirements. Physical Key Exchange accelerates your migration to AWS Payment Cryptography, enabling your applications to benefit from cloud-based key management and cryptographic services.

Physical Key Exchange pricing is charged as a one-time fee per key exchanged, covering the complete end-to-end key exchange process. Once loaded into your AWS Payment Cryptography account, keys are charged standard rates and can be used across any AWS Regions using Multi-Region Keys.

Physical Key Exchange is available through AWS-operated secure facilities in the United States. To initiate a request, create a support ticket or contact your AWS account team.

• Key ceremonies performed by trained AWS Key Custodians in AWS-operated facilities
• Compliance with payment industry standards (PCI PIN and PCI P2PE)
• Seamless access to exchanged keys within AWS Payment Cryptography