P2PE PCI Compliance
Point-to-Point Encryption (P2PE) was established by the Payment Card Industry Data Security Standard (PCI DSS). P2PE is a huge step forward in credit card payment security. It ensures that data is protected from hackers and cyberware. All of our services meet PCI compliance standards.
Why Non-P2PE Credit Card Payments Are Insecure
When a credit card payment is made during a transaction, card data enters a complicated ecosystem where devices and applications of differing levels of security are entrusted to ensure the payment reaches the intended party – a company’s bank account.
Captured data from a credit card is transmitted to a Point of Sale (POS) terminal, which then encrypts the data and sends it to a retail server. This server then decrypts the data. During this time the data is briefly exposed. The data is then re-encrypted for transmission to the payment gateway. Once at the payment gateway, the card information is decrypted again and transported to your business bank account for processing.
The problem here is that data has been exposed several times throughout this process. This leaves it vulnerable to hackers looking to steal card details and funds.
How Can P2PE Secure Credit Card Payments?
When using P2PE, the credit card data captured during a payment is encrypted with a one-time encryption key. This happens the moment the credit card is used on a card reader. The credit card information remains encrypted as it moves into the POS terminal. From there it moves to the local server, and then finally to the payment gateway.
The one-time encryption key, which is a feature of every P2PE payment, can only ever be used once. The encryption key is destroyed afterwards as an effective security measure. The decryption keys are stored in an isolated Hardware Security Module (HSM) at the payment gateway.
P2PE ensures credit card data remains in a consistent state of encryption throughout the entire payment process. Card details aren’t exposed. Think of them as being securely locked behind sealed virtual walls throughout the payment process.
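The flow described above, modelled as an added example that is not code from Chip & PIN Solutions or from the PCI standards: the reader encrypts with a per-transaction key, the intermediate hops only forward ciphertext, and only the gateway HSM can decrypt, once. The HMAC-SHA256 key derivation, the stand-in stream cipher, the device key shared at enrolment, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac

def txn_key(device_key: bytes, counter: int) -> bytes:
    # Assumed scheme: one key per transaction, derived from the counter.
    return hmac.new(device_key, b"txn" + counter.to_bytes(8, "big"), hashlib.sha256).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher so the demo needs only the standard library.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, b"ks" + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class CardReader:
    def __init__(self, device_id: str, device_key: bytes):
        self.device_id, self._key, self._ctr = device_id, device_key, 0

    def capture(self, pan: str) -> dict:
        self._ctr += 1                      # a counter value is never reused
        k = txn_key(self._key, self._ctr)   # one-time key, discarded on return
        ct = xor_stream(k, pan.encode())
        tag = hmac.new(k, b"mac" + ct, hashlib.sha256).digest()
        return {"device": self.device_id, "ctr": self._ctr, "ct": ct, "tag": tag}

def relay(msg: dict, hops=("POS terminal", "local server")) -> dict:
    # Intermediate systems forward the message; this is all they can see.
    return {hop: msg["ct"] for hop in hops}

class GatewayHSM:
    def __init__(self):
        self._keys, self._last = {}, {}

    def enroll(self, device_id: str, device_key: bytes) -> None:
        self._keys[device_id], self._last[device_id] = device_key, 0

    def decrypt(self, msg: dict) -> str:
        dev, ctr = msg["device"], msg["ctr"]
        if ctr <= self._last[dev]:
            raise ValueError("transaction key already used")
        k = txn_key(self._keys[dev], ctr)
        want = hmac.new(k, b"mac" + msg["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(want, msg["tag"]):
            raise ValueError("ciphertext modified in transit")
        self._last[dev] = ctr
        return xor_stream(k, msg["ct"]).decode()
```

A production P2PE solution uses a validated cipher and key-management scheme inside tamper-resistant hardware; the sketch only shows where plaintext can and cannot appear.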
How Else Can P2PE Benefit My Business?
By using machines with P2PE functionality, you're not only ensuring added security for your customers and your banking; you're also reducing the costs involved in becoming PCI DSS compliant.
If your company has hundreds of stores and possibly thousands of Point of Sale (POS) terminals and PIN Entry Devices (PEDs) that aren’t PCI DSS compliant, then achieving and maintaining compliance can be complex, time-consuming and expensive.
With P2PE-compliant PED devices, merchants can effectively remove their stores from the scope of PCI compliance regulations. Not only this, but vendors that supply store merchants with products can also make huge savings by using P2PE when accepting credit card payments.
Our P2PE PCI DSS Solution & PCI Compliance
Chip & PIN Solutions is completely PCI DSS compliant and has a wealth of experience in card processing. We supply and install P2PE-compliant PED devices for businesses to the highest of professional standards.
If you’re interested in finding out more about the benefits of P2PE and whether it’s right for your business, get in touch with our friendly UK-based customer care team today!