Point-to-Point Encryption (P2PE)

As part of today’s PCI DSS efforts, service providers are finding more opportunities to use PCI Point-to-Point Encryption solutions to support their clients’ goals of achieving compliance and reducing the risk of credit card compromise. MegaplanIT can guide your organization throughout the P2PE assessment, including audit preparation; onsite assessment of data flows and processes; policy and procedure development; secure management of key exchange, storage, and use; trusted advisory and recommendations; and the final delivery of your P2PE Report on Validation (P-ROV).

One aspect of MegaplanIT’s continued success has been built around our detailed and accurate assessment methods. These methods focus on exposing common process flaws early in the assessment, which allows your organization to quickly remediate weaknesses, validate your compliance to the PCI Council, and shift focus to product sales and growing market share.

Understanding the role point-to-point encryption (P2PE) plays in processing a payment transaction can help merchants take the necessary steps to protect themselves and their customers from a costly data breach.

WHAT IS IT?

A point-to-point encryption (P2PE) solution is a combination of secure devices, applications and processes that encrypt data from the point of interaction (for example, at the point of swipe or dip) until the data reaches the solution provider’s secure decryption environment. These solutions, which are provided by a third-party solution provider, help reduce merchant PCI DSS scope by eliminating clear-text account data from a merchant’s environment, or by isolating the P2PE environment from clear-text account data present in other merchant payment channels.

A PCI P2PE solution must include all of the following: 
  • Secure encryption of payment card data at the point-of-interaction (POI) 
  • P2PE-validated application(s) at the point of interaction 
  • Secure management of encryption and decryption devices 
  • Management of the decryption environment and all decrypted account data 
  • Use of secure encryption methodologies and cryptographic key operations, including key generation, distribution, loading/injection, administration and usage
 
BENEFITS OF USING A P2PE SOLUTION

P2PE has several benefits for merchants, including:

Simplification of PCI Data Security Standard (PCI DSS) compliance efforts. By significantly reducing merchants’ PCI compliance requirements, P2PE saves them both time and money.

Reduction of accountability for data loss and fines. Because merchants have no access to the encryption/decryption keys, P2PE transactions stay concealed from them.

A quicker payment process results in simpler and faster transactions, so merchants can handle a greater number of sales in less time.

Improved security protects customers’ data and your business reputation. Just one data breach can have a devastating impact on your business’ credibility, which can ultimately have a negative effect on customer loyalty and put you out of business.