Strengthening Cloud Payment HSM Compliance for Modern Payment Ecosystems


How Verisec partnered with Foregenix to align its cloud-based cryptographic services with CB requirements—enhancing clarity, auditability, and trust in a complex regulatory environment.

CLIENT

VERISEC INTERNATIONAL AB

INDUSTRY

Cybersecurity

Information Security

Payment Cryptography

LOCATION / HQ

Stockholm, SWEDEN 

SERVICES PROVIDED BY FOREGENIX

GIE Cartes Bancaires (CB) Payment HSM on Cloud - Security Assessment

About Verisec International AB

 

Verisec delivers secure digital identity and cloud-based payment cryptography services, including 10XPay. Our purpose is to enable financial institutions to operate securely in modern, distributed payment ecosystems without carrying the full burden of complex security infrastructure.

In this space, cybersecurity is not a supporting function — it is the product. The value Verisec brings to customers is the ability to rely on a controlled, certified, and continuously monitored cryptographic environment. This allows them to reduce operational risk, simplify compliance, and focus on their core business while maintaining a strong security posture.

Verisec is transforming secure payments and authentication with a smarter, more scalable approach. With over two decades of experience and more than 80 million end-users worldwide, Verisec helps organizations manage solutions that protect data, identities, and payments. Operating through seven offices globally, Verisec combines international reach with local expertise.

Its hybrid model merges the reliability of established infrastructure with the agility of modern cryptographic technology. Through a suite of leading security products and strong partnerships with internationally respected technology providers, Verisec serves as a long-term enabler of secure digital evolution, helping organizations thrive today while building confidently for tomorrow.

The Challenge

 

Achieving compliance for a cloud-based Payment HSM service is inherently complex. Unlike traditional on-premises HSM deployments, cloud environments introduce additional layers of abstraction, multi-tenancy considerations, and shared responsibility models. This creates challenges in demonstrating clear control over physical security, logical isolation, key management, and operational governance — all of which must meet stringent regulatory and scheme requirements.

The GIE Cartes Bancaires (CB) framework is particularly relevant because it reflects a more advanced and realistic view of cloud HSM services. It pushes beyond traditional compliance by requiring transparency, operational maturity, and demonstrable control in a cloud context.

Verisec started from a strong payment industry and cybersecurity foundation, but CB introduced additional expectations in terms of structure, evidence clarity, and control articulation.

The transition was not about adding controls, but about making Verisec's security model fully understandable, auditable, and aligned with CB expectations.

The Solution


Foregenix helped Verisec bridge that gap by:

  • Translating CB requirements into practical and measurable controls
  • Challenging and refining how Verisec presents its architecture and security model
  • Structuring evidence to clearly demonstrate control effectiveness, not just control existence
  • Supporting Verisec in preparing for assessor-level discussions with confidence


The collaboration was efficient, direct, and focused on outcomes. Foregenix provided clear guidance without introducing unnecessary complexity, which is critical in this type of engagement.

The level of support was strong throughout. While the CB process remains demanding by nature, Foregenix helped structure the journey and remove ambiguity. This made the process significantly more manageable than initially expected.

The Results

 

The engagement had a clear and tangible impact on how Verisec International AB positions and operates its service. It strengthened its credibility in the market by aligning it with one of the most demanding frameworks for cloud-based payment HSM services, which in turn reinforces customer trust. This recognition was reflected externally as well: Bruno Kovacs, Head of Security Standards & Expertise, Card Payments, GIE Cartes Bancaires, offered his congratulations to Verisec on "achieving this milestone and becoming one of the first CB approved, cloud-based payment HSM service providers on the market."

Internally, it brought a higher level of clarity in how Verisec International AB describes, structures, and evidences its security model, making interactions with auditors and stakeholders more efficient and focused. It also helped reduce friction in compliance discussions by ensuring that controls are not only implemented, but clearly understood and defensible.

Overall, the process contributed to a more mature and scalable operational foundation, supporting both current customer engagements and future expansion into new markets and regulatory environments.

As explained by Dimitri Binazzi, Chief Security and Compliance Officer at Verisec, "CB is one of Europe's sovereign payment schemes and one of the most rigorous on the continent. This approval confirms that Cloud-native payment cryptography can meet the standards that matter most to regulated financial institutions, covering transaction acquiring, P2PE, cardholder authentication, digital card issuance, and issuer authorisation.

For institutions weighing extension of payment HSM infrastructure, this is a significant signal."  

Why Foregenix


Verisec selected Foregenix based on its reputation in payment security and its ability to operate at the intersection of technical architecture and regulatory interpretation.

What differentiated Foregenix from others was its pragmatic approach. Foregenix experts understood how cloud HSM services work and could translate that into compliance language without oversimplifying or overcomplicating the model.

"We would recommend Foregenix, particularly to organizations dealing with advanced payment security requirements or transitioning to cloud-based cryptographic services."


“Foregenix helped us turn a strong security foundation into a clearly articulated and auditable compliance position, aligned with the expectations of modern cloud-based payment ecosystems.”

 

Dimitri Binazzi
Verisec Chief Security & Compliance Officer