Back to Basics: P2PE Tutorial

Posted by Joe Musitano on Dec 22, 2014 11:50:25 AM
This is the first in our Back to Basics blog series. Each month, we will publish a post that steps back to look at the basic definitions of terms commonly used in the payment processing industry and briefly explains why they matter to your business.

Today, we are discussing credit card security, namely Point-to-Point Encryption, or P2PE. 2013 marked the first time P2PE was officially listed as available from the PCI Security Standards Council’s website. Basically, P2PE is one of the newest methods for securing card transactions for your customers. From the moment the cardholder's data enters the merchant's payment systems, while it is in transit, and all the way to the payment processor, it is protected by encryption.

Usually, the payment processor installing the P2PE solution holds the burden of securing the data. They also have to securely manage all related applications and devices, maintain compliance with third-party organizations, and distribute P2PE instruction manuals to all merchants, among many other responsibilities. So that responsibility shifts from merchants, and from any independent software vendors, to the payment processor.

One huge benefit of P2PE is that it simplifies PCI DSS compliance. This news actually comes straight from the mouth of the PCI Security Standards Council. Any system components that simply process and transmit encrypted data are adequately isolated from the encryption and decryption environments, and have no ability to decrypt the data. They are therefore excluded from the scope of a PCI DSS compliance review.
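A check a merchant could run against the condition above, that merchant-side components only ever handle encrypted data, shown here as an added example that is not part of the original post: it scans captured message bodies for Luhn-valid card numbers and reports them masked. The message formats and field names are constructed for illustration and do not come from any real P2PE product.

```python
import re

# Candidate card numbers: 13-19 digits, optionally split by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_cleartext_pans(text: str) -> list[str]:
    """Return every Luhn-valid card number in text, masked to first six / last four."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):     # filters out order IDs, timestamps and similar digit runs
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def audit(messages: dict[str, str]) -> dict[str, list[str]]:
    """Map each message name to the masked card numbers it exposes; clean ones are omitted."""
    findings = {}
    for name, body in messages.items():
        hits = find_cleartext_pans(body)
        if hits:
            findings[name] = hits
    return findings

# Constructed sample traffic as seen on the merchant side (assumed field names).
SAMPLES = {
    # Terminal encrypts at the point of entry: merchant systems see only ciphertext.
    "p2pe_terminal": '{"enc_data":"3A9F0C51D27E88B4A6C1F0", "amount":"12.50"}',
    # Terminal sends track data in the clear: the card number is visible in transit.
    "legacy_terminal": '{"track2":"4111111111111111=25121010000", "amount":"12.50"}',
    # A 16-digit order ID that fails the Luhn check and must not be flagged.
    "order_record": '{"order_id":"1234567890123456", "amount":"12.50"}',
}

if __name__ == "__main__":
    for name, pans in audit(SAMPLES).items():
        print(f"cleartext card data in {name}: {pans}")
```

A real ciphertext can contain a digit run that passes the Luhn check by chance, so a hit on an encrypted field is a prompt to investigate rather than proof of a leak.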

Why Install P2PE?

The requirements for installing this solution are fairly complex, and complying with them requires the help of a qualified assessor. If you choose to go with it, make sure you work with a company very experienced at what they’re doing, such as Solupay.

At a more practical level, P2PE is a good way to augment EMV-capable systems. In fact, it can be rolled out at the same time with the same hardware. Therefore, if you are rolling out EMV, add on P2PE to have the highest level of security.

Here’s why you might use it: 

  • It’s much simpler than PCI DSS
  • Your networks aren’t subject to PCI DSS’s scope
  • You cut your security compliance costs
  • Lower risk of data fraud keeps your cardholders secure
  • You don’t have as much financial liability for stolen data
  • You aren’t subject to as many software development costs
  • Payment processing architecture is simplified
  • It easily integrates into your existing systems

Whether P2PE gains momentum on a large scale remains to be seen. But for now, it’s a great way to keep your cardholders’ data secure.


Topics: P2PE, Card Security