UK Royal Mail selects nCipher to provide secure online services

Royal Mail has selected nCipher’s nShield hardware security modules (HSMs) to help deliver safe internet transactions and services from its web site www.royalmail.com. As well as providing postcodes online, mail and parcel tracking and philately services, the popular Internet portal also allows customers to shop for travel insurance and foreign currency and to pay bills online.

Central to the success and reputation of the Royal Mail Web site is adherence to the highest industry standards in Web site security in order to offer safe internet transactions to all of its customers. In particular, Royal Mail wanted to be sure that they were following best security practice in relation to stringent data privacy legislation relating to financial and other personal information. They needed to deploy a highly secure solution for the storage and retrieval of confidential customer information including credit card and bank details.

Working together with nCipher, Royal Mail has implemented a solution which protects customer data by encrypting it inside a tamper-resistant nShieldHSM, ensuring that access to this sensitive data can be strictly controlled. This means that unencrypted credit card or bank account details are never stored where they may be open to external or internal attack. The sensitive cryptographic keys used to perform the encryption process are also stored and managed within the nCipherHSMwhich has been independently validated to the Federal Information Processing Standard (FIPS140-2 Level 3) – one of the industry`s most stringent security standards. Were it not for the use of the nCipherHSMthese keys and the encryption process would be unprotected in the open memory space of the host server where they might be vulnerable to key-finding attacks.

“We considered deploying software based encryption products but when it became clear that the security of the encryption keys could not be guaranteed we decided to adopt a more secure approach and establish a tamper-resistant hardware-based security environment,” says Martin Roe, Security and Integrity Manager for Royal Mail eBusiness. “nCipher`sname is synonymous with security, basing a solution on nCipher’sbest of breed HSMsallows us to deliver a highly secure e-business infrastructure which also ensures current and future compliance with privacy legislation relating to the storage of personal customer details.”

“Online customers are becoming increasingly concerned with the safety of online transactions, services and customer data, so a successful Web site is one they can trust” says Colin Bastable, vice president international sales at nCipher.

“nCipheris the market leader in applying hardware-based cryptography security to manage and protect customer data and has enabled Royal Mail to develop a Web site secured to the highest level.”

The system is now live and currently has more than 3 million users per day.