P2PE PCI DSS
Point-to-Point Encryption (P2PE), established under the Payment Card Industry Data Security Standard (PCI DSS), is a huge step forward in credit card payment security because it ensures that data is protected from hackers and cyberware.
Why non-P2PE Credit Card Payments are Unsecure
When a customer’s credit card payment is made during a transaction, the card data enters a complicated ecosystem where devices and applications of differing levels of security are entrusted to ensure the payment reaches the intended party – a company’s bank account.
Captured data from a credit card is transmitted to a Point of Sale (POS) terminal, which then encrypts the data and sends it to a retail server. This server then decrypts the data – briefly exposing the data in the clear – and then re-encrypts the data for transmission to the payment gateway.
Once at the payment gateway, the card information is decrypted again and transported to your business bank account for processing. The problem here is that data is exposed several times throughout this process, leaving it vulnerable to hackers looking to steal card details and, ultimately, funds.
Let’s look at how P2PE solves this problem.
How Can P2PE Secure Credit Card Payments?
When using P2PE, the credit card data captured during a payment is encrypted with a One-Time Encryption Key the moment that the credit card is used on a card reader. The credit card information remains in the encrypted state as it moves into the POS terminal, then to the local server, and then finally to the payment gateway.
The One-Time Encryption Key, which is a feature of every P2PE payment, can only ever be used once – it is destroyed afterwards as an effective security measure.
The decryption keys are stored in an isolated Hardware Security Module (HSM) at the payment gateway.
Simply put, P2PE ensures credit card data remains in a consistent state of encryption throughout the entire payment process. The card details therefore aren’t exposed; think of them as being securely locked behind sealed virtual walls throughout the payment process.
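An added example, not code from Chip & PIN Solutions or from any P2PE product: a simplified simulation of the flow described above, in which the card reader encrypts under a key used for one transaction only, the POS terminal and retail server relay ciphertext they cannot read, and only the gateway's HSM recovers the card data. The key derivation, the HMAC-based stream cipher standing in for the device cipher, and all names (`CardReader`, `forward`, `GatewayHSM`, `txn_key`) are assumptions made for illustration.

```python
import hashlib
import hmac

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def txn_key(base_key: bytes, counter: int) -> bytes:
    # Assumed derivation: a fresh key per transaction from a base key and a counter.
    return _prf(base_key, b"txn" + counter.to_bytes(8, "big"))

def xor_stream(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib stand-in for the device's block cipher.
    pad = b"".join(_prf(key, b"enc" + i.to_bytes(4, "big"))
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

class CardReader:
    def __init__(self, base_key: bytes):
        self._base_key, self._counter = base_key, 0

    def capture(self, card_data: bytes) -> dict:
        self._counter += 1                      # never reuse a counter, so never a key
        key = txn_key(self._base_key, self._counter)
        ct = xor_stream(key, card_data)
        # `key` is a local: it is not stored once the transaction message is built.
        return {"counter": self._counter, "ct": ct, "tag": _prf(key, b"mac" + ct)}

def forward(message: dict) -> dict:
    # POS terminal and retail server: hold no key, so they can only relay ciphertext.
    return dict(message)

class GatewayHSM:
    def __init__(self, base_key: bytes):
        self._base_key, self._used = base_key, set()

    def decrypt(self, message: dict) -> bytes:
        if message["counter"] in self._used:
            raise ValueError("one-time key already used")
        key = txn_key(self._base_key, message["counter"])
        if not hmac.compare_digest(_prf(key, b"mac" + message["ct"]), message["tag"]):
            raise ValueError("ciphertext altered in transit")
        self._used.add(message["counter"])
        return xor_stream(key, message["ct"])

if __name__ == "__main__":
    base = bytes(range(32))                     # constructed demo key, not a real one
    reader, hsm = CardReader(base), GatewayHSM(base)
    msg = forward(forward(reader.capture(b"4111111111111111")))  # constructed test PAN
    print(msg["ct"].hex(), hsm.decrypt(msg))
```

The gateway rejects a second use of the same transaction counter and any message whose ciphertext was modified on the way, so a replayed or tampered message never reaches decryption.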
How Else Can P2PE Benefit My Business?
By using machines with P2PE functionality, not only are you ensuring added security for your customers and your banking, but you’re also reducing the costs involved in becoming PCI DSS compliant.
If your company has hundreds of stores and possibly thousands of Point of Sale (POS) terminals and PIN Entry Devices (PEDs) that aren’t PCI DSS compliant, then achieving and maintaining compliance can be complex, time-consuming and expensive.
However, with P2PE-compliant PED devices, merchants can effectively remove their stores from the scope of PCI DSS compliance regulations. Not only this, but vendors that supply stores and merchants with products can also make huge savings simply by using P2PE when accepting credit card payments.
Our P2PE PCI DSS Solution
Chip & PIN Solutions is fully PCI DSS compliant and has a wealth of experience in card processing. We expertly supply and implement P2PE-compliant PED devices for businesses to the highest of professional standards.
If you’re interested in finding out more about the benefits of P2PE and whether it’s right for your business, get in touch with our friendly UK-based customer care team today!
Call FREE on 0800 881 8104