According to PCI-DSS requirement 3.5.2:
We should store secret keys in a cryptographic device.
Cryptographic devices:
1.HSM
2.PTS-approved point of interaction device
My questions:
I have some knowledge about HSM and it encrypts the KEK using Master key. Also read about Thales HSM and I'm aware about it. But when I was looking into PTS, I can't understand it.
What is PTS and is that a device like a HSM?
How does PTS differs from HSM?
Which is the best practice among HSM and PTS?