PCI Point-To-Point Encryption (P2PE): What Merchants Should Know

October 19, 2016

Financial services companies have to adapt to the changes and complexities of the payment card industry (PCI) regulatory environment for credit cards. This is done through a PCI-certified point-to-point encryption (P2PE) payment device. P2PE provides a solution that maximizes security for credit card transactions.

The Payment Process

To be PCI compliant, the P2PE device converts credit card data into indecipherable code the moment the card is swiped in the card reader. This prevents card fraud and account data hacking. Once the credit card information is encrypted, the data is stored in a tamper-resistant module called the point of interaction (POI). From the POI, the encrypted data is sent to the payment processor for decryption. The encryption and decryption keys are not accessible to the merchant, so the data cannot be accessed at the retail level. Once the encrypted code reaches the payment processor’s secure area, it is decrypted and then goes to a bank for completion of the transaction. The transaction is either authorized or rejected, and the retailer is notified. The whole process, from encryption to decryption, takes under one second to complete.

Benefits

A P2PE security system can be easily integrated into a retail environment and saves merchants time and money. In the event of credit card fraud, a merchant that uses a P2PE system is not held accountable for data loss and fines. The P2PE payment process benefits both customer and merchant by being faster and simpler than other point-of-sale processes.

Encryption tokenization with P2PE can allow you to manage payments from multiple locations with one application. A P2PE solution can be integrated with a mobile app, so you can collect payments both in person and online. A hosted payment gateway eases online checkout and remains secure. Look for a P2PE customization feature that allows you to collect recurring payments from a customer without keeping their credit card number on file.

For recurring payment scenarios, there is a PCI-compliant solution that uses tokens for safe transmission of data. A state-of-the-art storage facility for encrypted data can create a customer profile that stores a collection of consumer, account, and shipping records. This allows a merchant to schedule recurring payments without having to touch the customer’s credit data. The merchant uses a token to gain access to and process the encrypted card data. This frees a business from keeping sensitive credit account information in the office where it can be accessed.

Important to Know

P2PE should not be confused with end-to-end encryption (E2EE). E2EE indirectly links the point of sale to the payment processor through multiple systems. It also keeps the unencrypted card data in the retailer’s system. E2EE is not PCI certified and is a risky transaction solution because the unencrypted data can be accessed by data thieves.

Financial services companies that provide P2PE processing ensure safe and secure payment processing solutions for merchants of all sizes. This helps their clients stay compliant with the most current PCI Security Standards and makes the transaction process easier.