PIN Protection Service (PPS)

About our Solution

An Issuers’ frequent need is a way to securely generate, store, and validate passwords. But for cost reasons, this is done exclusively in software, with all the risks of this approach.

With paySmart’s PPS service, Issuers can generate, validate and translate
passwords securely within Hardware Security Module (HSM) using a simple API.

With paySmart® PPS technology, password management is simple and within reach of any Issuer. The customer uses the same interfaces that it is already used to and has the same level of protection used by the largest banks and payments systems operators worldwide. In addition, it pays only for active cards, without worrying about transaction values or number of transactions.

To provide the password management service, paySmart® uses HSM (Hardware Security Module) cryptographic devices that do not expose passwords and extreme performance servers, running in financial datacenters.

How It works


paySmart takes care about all issues related to generation or insertion of keys, including key-generation ceremonies or exchange keys between players


The client connects to paySmart and uses a simple API to randomly generate or import previously generated passwords. Passwords are now securely stored, protected by HSMs certified payments PCI PIN Transaction Security (PTS)


The client connects to paySmart and validates encrypted password blocks (PINBlocks). All the complexity of dealing with different encryption mechanisms is abstracted by the API


The service can also be used for translation of password blocks between Acquirers or between Acquirers and Issuers

Technical features

  • Support to all PIN block formats (Personal Identification Number) ISO-0, ISO-1, ISO-2 and ISO-3 defined by ISO 9564 (Financial services – PIN management and security)

  • Use of payment cryptographic hardware (HSMs) in all processes (generation, storage and validation)

  • Generation of 4 to 12 digit numerical random passwords, with truly random processes, that means, generation of random numbers directly in the cryptographic hardware

  • Automatic removal of random passwords with many repeated and/or sequential digits, based on customers’ date of birth or address (configurable)

  • Native protection against very strong attacks with a counter of incorrect online password validation attempts (OPTC online PIN Try Counter)

  • Native protection against dictionary attacks, with diversified password storage instead of the same cryptogram for all cards with the same password

  • Transparent operation during data preparation, based on the same format of embossing files that the client knows

  • Transparent operation during transaction validation, using the same TCP/IP sockets format that the client knows;

  • Support for the reuse of previous passwords already distributed to the client

  • Support for online passwords update exchanged by other client’s interfaces

  • Support for chip cards configured to work with offline passwords or online passwords

  • Support for magnetic cards, with no chip yet, configured to work with online passwords

  • Support to receive PIN Blocks X9.8 MK SK (Master Key/Session Key)

  • Suporte to receive PIN Blocks X9.24 DUKPT (Derived Unique.Key Per Transaction)

Contact us


Use this form to request more information about our products and services.

Help us to give you a faster answer. Please, try to include as much information as possible about yourself, your business, and your needs.


+55 51 3221-4879
+55 51 3227-2814
+55 11 4564-7678