AWS Payment Cryptography Documentation

AWS Payment Cryptography is a cloud-based Payment HSM service that simplifies integration for payment processing applications by streamlining payment key management and the implementation of cryptographic operations.

Key Features


AWS Payment Cryptography allows you to scale your payment cryptography capacity. It is an elastic, pay-as-you-go service, so you can automatically use any capacity permitted under your AWS quotas.

Automated key management

AWS Payment Cryptography streamlines payment key management, including importing and generating keys, automated key management (store, rotate, back up, recover, and shred), and exporting keys. The service also implements and enforces key block attributes such as key usage and modes of use. Tags can be used to manage keys and their purpose.


Security and quality controls in AWS Payment Cryptography have been validated and certified by compliance regimes including:

  • PCI PIN Security
  • PCI Data Security Standard (DSS) 
  • PCI 3DS (3DS)

AWS Payment Cryptography integrates into standard AWS tooling such as AWS IAM, allowing for fine-grained permission controls on both an API and key resource basis.

Simplified integration

AWS Payment Cryptography offers the cryptographic operations required for your payment applications through RESTful APIs. These APIs provide concise methods for common payment-industry use cases, such as generating or validating CVV2 values.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at, or other agreement between you and AWS governing your use of AWS’s services.