Why is PCI P2PE compliance important?
P2PE (point-to-point encryption) is a secure way to process POS payments. The moment the card is swiped, dipped or tapped, the card reader itself encrypts the card data, and nothing between that reader and the payment provider's decryption environment holds a key that can reverse the encryption. This means the business taking the payment never holds customer card data in a form that could be read by thieves.
Without P2PE, credit card data enters a complicated ecosystem in which devices and applications of differing levels of security are each entrusted to carry the payment one step closer to its intended destination, the company's bank account.
Data captured from a credit card is transmitted to a Point of Sale (POS) terminal, which encrypts it and sends it to a retail server. This server decrypts the data, briefly exposing it in the clear, and then re-encrypts it for transmission to the payment gateway.
Once at the payment gateway, the card information is decrypted again and forwarded for authorisation, with the funds settling to your business bank account. The problem is that the card data is exposed in the clear at several points along this path, so an attacker who compromises any one of them, the retail server in particular, can harvest card details and, ultimately, funds.
Let’s look at how P2PE solves this problem.
About PCI P2PE compliance.
When using P2PE, the card data captured during a payment is encrypted inside the card reader the moment the card is used, under a one-time encryption key: in practice usually a per-transaction key derived (DUKPT-style) from a device key injected into the reader, which only the solution provider's decryption environment can rebuild. The card data remains encrypted as it moves into the POS terminal, then to the local server, and finally to the payment gateway, where it is decrypted inside that decryption environment and nowhere else.
The payment card industry has its own independent body, the PCI Security Standards Council (PCI SSC), which exists to protect businesses and consumers from the consequences of card data theft. It publishes standards, PCI DSS for anyone who handles card data and PCI P2PE for encryption solutions, that set out the controls payment services must have in place, and the card brands require merchants to meet them through their acquiring agreements. Following them matters for the financial safety of your customers, and therefore your business.
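The two paths described above, as an added example that is not part of the original article or of Chip & PIN Solutions' product: a Python simulation of the hop-by-hop path (terminal encrypts to the retail server, which decrypts and re-encrypts) beside a P2PE-style path in which the reader encrypts under a per-transaction key that only the provider's decryption environment can rebuild. All keys, the device serial and the card number are constructed test values; the cipher is a standard-library stand-in (HMAC-SHA256 keystream plus tag) for the AES/TDES a real reader uses, and the key derivation only mimics the shape of DUKPT (device-unique initial key, fresh key per transaction, one-way derivation), not the real algorithm.

```python
import hashlib
import hmac
import secrets
import struct

BDK = bytes.fromhex("0123456789abcdeffedcba9876543210")  # constructed; lives only in the decryption environment
DEVICE_ID = b"POI-0001"                                   # constructed reader serial number
PAN = "4111111111111111"                                  # constructed test card number


def _kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation: a child key reveals nothing about its parent."""
    return hmac.new(key, label, hashlib.sha256).digest()

def derive_initial_key(bdk: bytes, device_id: bytes) -> bytes:
    return _kdf(bdk, b"initial-key|" + device_id)

def derive_txn_key(initial_key: bytes, counter: int) -> bytes:
    return _kdf(initial_key, b"txn-key|" + struct.pack(">I", counter))

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

def encrypt(key: bytes, plaintext: bytes) -> tuple:
    """Stand-in for the reader's AES/TDES: HMAC keystream plus HMAC tag."""
    enc_key, mac_key = _kdf(key, b"enc"), _kdf(key, b"mac")
    nonce = secrets.token_bytes(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def decrypt(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    enc_key, mac_key = _kdf(key, b"enc"), _kdf(key, b"mac")
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: wrong key or altered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class CardReader:
    """P2PE point-of-interaction device: holds its injected initial key, never the BDK."""
    def __init__(self, device_id: bytes, initial_key: bytes):
        self.device_id, self.initial_key, self.counter = device_id, initial_key, 0

    def swipe(self, pan: str) -> dict:
        self.counter += 1                                     # new key for every transaction
        key = derive_txn_key(self.initial_key, self.counter)
        nonce, ct, tag = encrypt(key, pan.encode())
        ksn = self.device_id + struct.pack(">I", self.counter)  # key serial number: public, names the key
        return {"ksn": ksn.hex(), "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def merchant_hops(message: dict) -> list:
    """POS terminal and retail server under P2PE: they relay and may log the message,
    but hold no key, so these copies are all they can ever see."""
    pos_log = dict(message)
    server_log = dict(pos_log)
    return [pos_log, server_log]

class DecryptionEnvironment:
    """Gateway-side HSM: the only holder of the BDK, so the only place decryption can happen."""
    def __init__(self, bdk: bytes):
        self.bdk = bdk

    def key_for(self, ksn_hex: str) -> bytes:
        ksn = bytes.fromhex(ksn_hex)
        device_id, counter = ksn[:-4], struct.unpack(">I", ksn[-4:])[0]
        return derive_txn_key(derive_initial_key(self.bdk, device_id), counter)

    def recover_pan(self, message: dict) -> str:
        fields = (bytes.fromhex(message[f]) for f in ("nonce", "ct", "tag"))
        return decrypt(self.key_for(message["ksn"]), *fields).decode()

def pan_visible(logs: list, pan: str) -> bool:
    """True if any hop's log holds the PAN in the clear."""
    return any(pan in str(entry) for entry in logs)

def run_p2pe_flow() -> dict:
    reader = CardReader(DEVICE_ID, derive_initial_key(BDK, DEVICE_ID))  # key injection
    env = DecryptionEnvironment(BDK)
    msg = reader.swipe(PAN)
    return {"pan": env.recover_pan(msg), "exposed_at_merchant": pan_visible(merchant_hops(msg), PAN)}

def run_legacy_flow() -> dict:
    """The hop-by-hop path from the article: the retail server decrypts and re-encrypts."""
    terminal_key, gateway_key = secrets.token_bytes(16), secrets.token_bytes(16)
    at_server = decrypt(terminal_key, *encrypt(terminal_key, PAN.encode()))  # PAN in the clear here
    server_log = [{"server_plaintext": at_server.decode()}]
    at_gateway = decrypt(gateway_key, *encrypt(gateway_key, at_server))
    return {"pan": at_gateway.decode(), "exposed_at_merchant": pan_visible(server_log, PAN)}

def leaked_key_scope() -> bool:
    """A transaction key recovered from one message cannot open the next one."""
    reader, env = CardReader(DEVICE_ID, derive_initial_key(BDK, DEVICE_ID)), DecryptionEnvironment(BDK)
    first, second = reader.swipe(PAN), reader.swipe(PAN)
    try:
        decrypt(env.key_for(first["ksn"]), *(bytes.fromhex(second[f]) for f in ("nonce", "ct", "tag")))
        return False
    except ValueError:
        return True
```

Run the two flow functions side by side: in the legacy path the retail server's log holds the PAN, while in the P2PE path every merchant hop holds only the KSN and ciphertext, and because each transaction key is derived one-way, a key recovered from one message does not open the next. The KSN and ciphertext are also what the merchant keeps as its record of the transaction, which is how a later query or refund can be raised without the card number ever being visible in the store.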
Safety for your customers.
If you use a PCI P2PE validated solution, customers can be confident that their card details are secure. Because the data is encrypted before it leaves the reader and the merchant never holds the decryption key, even a third party who managed to steal it from the store would get only ciphertext, unusable for fraudulent purposes.
Simply put, P2PE keeps card data encrypted throughout the entire payment journey. The card details are therefore never exposed; think of them as being securely locked behind sealed virtual walls throughout the payment process.
The transaction remains accessible to the merchant, but the card data is never visible: the merchant works from the encrypted record and the transaction reference returned by the gateway, so a query or refund can be carried out without anyone but the customer ever seeing the sensitive data.
Safety for your business.
A compliant P2PE system means your business is at a much lower risk of fraud and data breaches. Fraud can have a devastating impact on any type of business, causing not only an immediate financial loss, but also loss of customer confidence and loyalty.
Issues such as these can continue to cost a company money for years after the actual event.
PCI P2PE Compliance and PCI DSS.
Any business that takes card payments must validate its compliance with PCI DSS, the payment card industry's Data Security Standard, every year; whether that means a self-assessment questionnaire or an on-site audit depends on the merchant's transaction volume. If you use a PCI P2PE validated solution, this is much simpler: many PCI DSS requirements are met by the solution itself, and eligible merchants can complete the short SAQ P2PE instead of the full questionnaire.
If your company has hundreds of stores and possibly thousands of Point of Sale (POS) terminals and PIN Entry Devices (PEDs), bringing all of them, and the store networks they sit on, into PCI DSS compliance and keeping them there is complex, time-consuming and expensive.
With a PCI P2PE validated solution, however, merchants can take their store networks and back-office systems largely out of scope for PCI DSS, because the only system that ever sees cleartext card data is the solution provider's decryption environment. The stores are not entirely out of scope: the merchant must still keep an inventory of its devices, inspect them for tampering and follow the solution's P2PE Instruction Manual (PIM), but these obligations are a small fraction of the full standard. The same saving is available to any vendor that takes card payments from merchants, simply by accepting those payments through P2PE.
Compliance with PCI P2PE could save you not just paperwork headaches but also money, and your customers' money.
Our P2PE PCI DSS Solution.
Chip & PIN Solutions is fully PCI DSS compliant and has a wealth of experience in card processing. We expertly supply and implement PCI P2PE validated PED devices for businesses to the highest professional standards.
If you're interested in finding out more about the benefits of P2PE and whether it's right for your business, get in touch with our friendly UK-based customer care team today.
March 7, 2019