Cryptera

Cryptera develops and delivers security technology for electronic payment solutions and industrial applications. The company specializes in security, encryption, and certifications, leveraging these capabilities to protect businesses from digital attacks and cybercrime. Cryptera employs 38 people and serves an international client base, including over 2 million security solutions in operation worldwide.

Illustration 1: Using security, encryption, and certifications, Cryptera protects businesses from cyber threats.

Since its establishment in the early 1980s, Cryptera has been a trusted technology partner in the financial sector and has had a central role in developing the first Dankort (Danish debit card) payment terminals introduced in stores. Over the following decades, the company has built deep expertise in security technology on the global market, down to the level of the computer chips that control IT systems. Today, Cryptera uses this extensive experience to develop modern payment solutions that securely connect banks, businesses, and consumers. Additionally, the company has established a new business area to meet the growing demand for IoT security solutions in the industrial sector. This new venture allows Cryptera to leverage its expertise in managing encryption keys and offer this knowledge as a service to a new market.

"We develop cybersecurity solutions at the device level... That’s what we do.
Providing customers with solutions tied to a physical IoT device.”

Espen Gregersen, Business Develop Manager, IoT Cyber Security

The threat of digital attacks prevents many businesses from realizing the full potential of IoT. There is no doubt that the proliferation of IoT leads to an increasing amount of sensitive data, both in electronic payment systems and industrial applications. Cryptera's solutions ensure that digital infrastructure remains secure, and that customer data is not compromised.

The business model

Cryptera's business model is deeply rooted in IoT security and is based on two core areas: payment solutions and industrial devices. In both areas, the company integrates robust IT security directly into electronic devices. This provides business customers with a security level comparable to the level of protection in financial transactions. The two business areas differ in the way that security for payment solutions is offered as a hardware-integrated service, while security for industrial devices is provided exclusively as a software-based service. Additionally, they cater to different customer segments, even though the core need addressed by the solutions is the same.

”The core value is the same... Key management of encryption keys.
How do you store them? How do you utilize them?”

Espen Gregersen, Business Develop Manager, IoT Cyber Security

A typical Cryptera customer is a medium-sized company in either the payment or industrial sector. Cryptera manages the entire value chain in-house and operates a PCI-certified Secure Facility [1] for key injection and CA services [2]. This ensures quick response times and high delivery reliability.

Illustration 2: Business model of Cryptera.

Cryptera's value proposition lies in its specialized knowledge of encryption, focusing on the secure storage and use of security keys, also known as "Key Management." This expertise is offered as Software as a Service (SaaS), enabling customers to store their private security keys with Cryptera and use them in ways that enhance device-level security, such as signing software and issuing "Device Certificates." Losing these keys can jeopardize the security of IoT devices in the market.

”We create secure solutions for businesses.
We help customers who make their own devices to make them more secure.”

Espen Gregersen, Business Develop Manager, IoT Cyber Security

The technical solution

Cryptera’s IoT security solution comprises hardware, software, and a cloud-based platform. This solution establishes a security layer at the chip level within individual IoT devices. Through encryption and certificates on this layer, a “Root of Trust” is created, providing fundamental security for the device.

 

Security for industrial devices

Industrial IoT devices are increasingly targeted by cyber threats, as they are typically less protected than standard computers, making them easier to hack. Consequently, there is a growing need to enhance IoT security standards, with several industry standards now requiring companies to:

• Establish unique device identities and credentials
• Implement secure updates
• Adhere to best practices in encryption

The need to implement or strengthen security measures often arises when businesses integrate IoT devices with existing or new systems, external partner systems, cloud services, or simply aim to secure devices throughout their lifecycle. To address this, Cryptera has developed a Device Security Portfolio, offering tailored security solutions for customers’ IoT devices and specific requirements.

”We offer something where the alternative has been for customers to buy various solutions and build it themselves. ...Do you want to use resources to develop it yourself, or leave it to Cryptera, which is an expert in this field?”

Espen Gregersen, Business Develop Manager, IoT Cyber Security

Crypteras Device Security portfolio consists of: 

• KeyServer Platform: Key management and backup system that protects sensitive applications and devices from threats such as theft, loss, or unauthorized access. It generates, stores, manages, and safeguards private keys used in encryption operations, thereby reducing the risk of security breaches and data loss.
• Firmware Signing: Automated code signing integrated with existing applications for user authentication and software development. This system employs encryption techniques to digitally sign firmware or software before it is uploaded to a device's hardware, protecting against unauthorized modifications, malware injection, and other security threats.
• Device Certificate: Certificates that establish secure communication between devices and the cloud. These certificates authenticate device identities, enable secure data transfers, and encrypt data, mitigating unauthorized access and tampering in device-to-cloud communication.

Illustration 3: Cryptera leverages its extensive experience in the payment industry to meet the growing demand for IoT security solutions in the industrial sector.

 

Security for payment solutions 

All payment environments must meet strict security requirements to prevent fraud and card misuse. These requirements are defined by the PCI (Payment Card Industry) Security Standards Council, an international standardization body. Businesses must also consider international and national regulations when selecting payment solutions.

Cryptera develops and manufactures security solutions for self-service and electronic payment environments, such as ATMs, gas pumps, ticket machines, and parking systems. The company offers a range of payment components that can be configured to create flexible and user-friendly payment solutions. These components include:

• Encrypted PIN Pads: Verify and encrypt cardholder PINs entered via keyboards on electronic devices for debit, credit, or smart card transactions, such as payment terminals or ATMs.
• CryptoTouch: Similar to PIN pads but with input via a touchscreen.
• Contactless Payment: Enables fast and secure contactless payments with cards or mobile phones via NFC (Near Field Communication) readers, either as part of a modular solution or as standalone units with existing payment applications.
• Secure Card Reader: Allows offline PIN verification, enabling payments even if internet or payment infrastructure is unavailable. Transactions are stored and processed once connectivity is restored.

These components help Cryptera’s customers meet security standards, reduce unauthorized access and fraud risks, and protect sensitive customer data. All Cryptera transaction devices are PCI-approved and, for chip-based payments, EMVCo-approved. Additionally, Cryptera is certified by VISA and Mastercard as a Secure Facility Center.

Illustration 4: Cryptera contributed to the development of the first Dankort terminals in the early 1980s and has since been a trusted technological partner in the financial sector.

The role of cybersecurity

In an increasingly interconnected world, data and digital infrastructure have become essential to modern business. This makes the need for cybersecurity more urgent than ever, and Cryptera has made it its mission to protect businesses. This is especially critical in the IoT space, where cybersecurity has gained heightened attention due to new EU regulations such as NIS2, the Cybersecurity Act, and the CER Directive, which require companies to invest in protecting their IoT devices. Cryptera’s solutions can be described as cybersecurity at the device level.

”We design not only to make our own solutions secure but also to ensure that our customers can trust that our solutions make their IoT devices secure.”

Espen Gregersen, Business Develop Manager, IoT Cyber Security

For Cryptera, cybersecurity is about safeguarding the integrity, authenticity, and confidentiality of devices and data. The company’s solutions are fundamental components of modern cybersecurity practices, providing IoT devices with an additional layer of protection that prevents the exposure of sensitive data. This is achieved through the encryption of communication between IoT devices, ensuring that data transmitted to and from the devices, as well as associated services, remains secure from unauthorized access and reading. For businesses investing in Cryptera’s cybersecurity solutions, the benefits include:

• Ensuring that no IoT devices are misconfigured or neglected, which could jeopardize data security.
• Seamlessly integrating and updating new IoT devices within existing systems.
• Identifying and protecting particularly sensitive data in compliance with legal requirements and organizational risk assessments.
• Choosing a platform that secures data transfers between devices and backend systems, which reduces the risk of unauthorized access.
• Ensuring compliance with laws, regulatory requirements, and standards mandating specific security measures for IoT devices.

Cybersecurity requires a continuous effort, and no solution can guarantee complete protection. A 2023 threat assessment by the Danish National Centre for Cybersecurity warns that the cyber threat to IoT devices is VERY HIGH. Cryptera stresses the importance of proactively addressing these challenges and helps businesses take decisive steps in a constantly evolving threat landscape.

”Nothing is 100% secure...
But as a business, you must determine how much to invest in security in relation to complying with regulations, industry standards, brand protection, etc.”

Espen Gregersen, Business Develop Manager, IoT Cyber Security

Illustration 5: Cryptera’s vision is to deliver maximum security to protect sensitive data.

Best practice learnings

The number of devices capable of connecting to the internet and exchanging data with other devices and systems has exploded in recent years. Along with IoT devices come cyber threats, and Cryptera sees it as its responsibility to shape the future of IoT security by delivering innovative, scalable, and reliable solutions. The company has identified several critical factors behind the positive reception of its IoT security solutions in the market. These factors are outlined as recommendations below.

1. Find your niche

Security solutions must integrate seamlessly with existing systems. Cryptera’s solutions focus on device-level cybersecurity, and the company emphasizes the importance of designing solutions that can integrate with customers’ existing devices and systems, including networks, infrastructure, and cloud services from providers like Microsoft, Google, and Apple. It is essential to deliver value in areas of expertise – for Cryptera this means IoT device security – while relying on others for surrounding infrastructure.

”There’s no reason to build it from scratch when it already exists.
So, we just integrate with what’s already there.”

Espen Gregersen, Business Develop Manager, IoT Cyber Security

2. Development based on best practices

IoT device development often prioritizes innovation, rapid launches, and user involvement. However, from a security perspective, this increases the device's attack surface, making it a potential entry point for cybercriminals. Security should be considered from the outset, particularly when developing security solutions. It is crucial to balance the company's commercial goals – often requiring quick market entry – and the market’s demand for mature, value-creating solutions. Cryptera achieves this balance through continuous reassessment and adjustment of its approach.

”When we develop a new solution, we base it on best practices.
We take what we know works from the payments industry but leave out what doesn’t make sense to carry forward.”

Espen Gregersen, Business Develop Manager, IoT Cyber Security

3. Risk assessment

As technology evolves, so do threats – both for businesses in general and for Cryptera. To ensure customers' data remains secure, Cryptera continuously adapts, innovates, and sets new standards for data protection. This includes systematically identifying, analysing, and assessing the security risks faced by its customer segments.

”I’m a strong advocate for conducting risk assessments...
Start with paying attention to the detail, and start with analysis.”

Espen Gregersen, Business Develop Manager, IoT Cyber Security 

Cryptera applies this approach internally at multiple levels, including the development of new solutions, optimization of internal processes, and stakeholder management.

4. Listen to customer needs

Cryptera has spent years listening to its customers and learning about the market. When the company expanded its business model into the industrial sector, it initially intended to replicate the success of its hardware-based security solutions from the payments industry. However, this approach proved less appealing in the new market. Cryptera recognized the need to remain open to market input and adapt accordingly.

”It’s SO important to stay curious and humble.”

Espen Gregersen, Business Develop Manager, IoT Cyber Security

The market has also become more receptive to insights from Cryptera and other security solution providers. Many organizations are increasingly aware of the demands and threats associated with IoT devices and are prioritizing cybersecurity. As a solution provider, it is essential not only to listen to customers but also to help them define and understand the security, business, skill, and economic considerations they must address before selecting a solution.

”You can spend all your money on security. So, when is it enough?
A risk analysis can help businesses determine this,
so resources are prioritized according to specific risks.”

Espen Gregersen, Business Develop Manager, IoT Cyber Security

End notes

[1] PCI-Certified Secure Facility: A security-certified facility that complies with the stringent requirements of the Payment Card Industry Data Security Standards (PCI DSS). This certification demonstrates that the facility protects payment data and adheres to the highest security standards within the card industry.

[2] CA Service: Issues, manages, and verifies digital certificates used to secure internet communication. A CA (Certificate Authority) acts as a "trusted third party" by confirming the identity of individuals, organizations, or entities seeking to secure their data through encryption.

Copyright notice:  © 2022 – 2026 CyPro Consortium.

This material was produced as part of the CyPro project and is funded by The Danish Industry Foundation under the thematic focus area Cybersecurity.

The CyPro project aims to strengthen the cybersecurity knowledge level of the manufacturing industry ecosystem in relation to the Internet of Things (IoT) and Industry 4.0.