What You Need to Know About P2PE: Point to Point Encryption & Why Compliance is Still Mandatory

by P. Heaven

on January 24, 2018
What is Point to Point Encryption? Point to Point Encryption (P2PE) is a standard that was established by the Payment Card Industry (PCI) Security Standards Council. This standard was established to prevent credit card fraud at the user level. What this means is once a card is swiped, all confidential cardholder information is immediately encrypted (intricately […]

What is Point to Point Encryption?

Point to Point Encryption (P2PE) is a standard that was established by the Payment Card Industry (PCI) Security Standards Council. This standard was established to prevent credit card fraud at the user level. What this means is once a card is swiped, all confidential cardholder information is immediately encrypted (intricately coded) making it more difficult to steal and less valuable for thieves.

What are My Compliance Requirements?

One common merchant misconception is that if you have P2PE associated with your Point of Sale (POS) system, you are not required to adhere to PCI Data Security Standards. This is not the case. If you decide to invest in a P2PE system, you are enhancing your security but not eliminating all security requirements set forth by the PCI DSS. According to PCI Security Standards Council; the merchant environment remains in scope for PCI DSS because cardholder data is always present in the merchant environment. For example, in a card-present environment, merchants have physical access to the payment cards in order to complete a transaction, and may also have paper reports or receipts with cardholder data.

To reduce the scope of your PCI DSS requirements, as it relates to Point to Point Encryption, you must first satisfy the requirement for a validated point of sale system equipped with P2PE capabilities. Generally, the PCI scope reduction is seen in the elimination of having to do annual scans.

How do I tell if my POS is validated?

To see if your point of sale system is validated, review PCI Security Standards Council’s listings of P2PE solutions.

When it comes to compliance and the security of your Brand | Business | Customers NuArx has you covered. We offer bundles for P2PE merchants that take the task of compliance off your to-do list. Our staff of qualified security assessors can help design a solution that enables secure transactions and minimizes your PCI compliance requirements.

 

To talk to our dedicated security specialists about our Point to Point Encryption bundles give us a call at 877.556.8279 or visit us on the web at www.nuarxinc.com

Sources:
 “Official PCI Security Standards Council Site – Verify PCI Compliance, Download Data Security and Credit Card Security Standards.” PCI Security Standards Council®, www.pcisecuritystandards.org/.

Pin It on Pinterest

Share This