What is Point to Point Encryption (P2PE) & Why Does It Matter?
Navigating the world of payment processing can be complicated – sometimes it feels like you’d need a degree in the subject to understand it. Understanding the finer points of payment processing can help merchants better prepare themselves for potential risks and the possibility for greater profits. With that in mind, it’s useful to understand the basics of point to point encryption (P2PE) – one of the most important secure payment services tools available.
P2PE was introduced in 2012 within the Payment Card Industry Data Security Standard (PCI DSS) framework – a set of security standards set forth by the Payment Card Industry Security Standards Council (PCI SSC) for organizations which handle credit cards. An update in 2015, established a specific set of standards which providers must maintain in order to be considered an approved P2PE solution.
WHAT IT IS
P2PE is a combination of secure devices, applications and processes that encrypt data from the point of interaction (i.e. swipe or tap) until it reaches the solution provider’s secure decryption environment. In essence, P2PE ensures data remains secure throughout the transaction process. To be considered a P2PE solution, your selected provider must offer:
- Encryption of data at the point-of-interaction (i.e. swipe of card or entry of info)
- Utilize P2PE validated devices
- Maintain secure management of encryption and decryption devices
- Maintain secure management of the decryption environment
- Use of secure encryption methodologies such as key generation, distribution, and more.
- Just last year, point of sale giant MICROS warned customers that it had detected malicious code in some legacy MICROS systems. Considering MICROS is used by 330,000 customers throughout 180 countries, the potential scope of the breach was staggering.
- Sabre Corp., provider of the SynXis Central Reservations Systems, disclosed the breach of payment and customer data from bookings processed through the online reservations system which serves over 32,000 hotels and lodging establishments last year as well.
IS TEI PAYMENT SOLUTIONS P2PE COMPLIANT?
Yes, TEI Payment Solutions maintains P2PE compliance within both its card present and card not present solutions. TEI Payment Solutions is a registered MSP/ISO of Elavon (backed by U.S. Bank) - one of the Top 2 secure payment services providers in the United States completing over 3 billion secure transactions annually. TEI Payment Solutions is capable of completing card not present (i.e. online) transactions in a completely P2PE compliant environment direct to Elavon. Furthermore, Card Present transactions are P2PE compliant through the use of a Shift4 secure payment gateway to Elavon.
BENEFITS OF P2PE
- Assurance that the solution has been examined by a P2PE Assessor.
- PCI-approved solutions can reduce the validation efforts required by the PCI Data Security Standard (PCI DSS) which helps save time and money.
- It is more than a one-time assessment, being a validated PCI P2PE solution means that ongoing security is in place including a full re-assessment every three years.
- Should fraudulent activity occur, the P2PE solution provider is held accountable for data loss and fines – not the merchant.
- P2PE transactions are much quicker than typical transaction, creating a more efficient customer experience.
INTERESTED IN LEARNING MORE?
Contact us today at http://teipaymentsolutions.com/Company/Contact-Us for more information.