Tag Archive for: Cardholder Data

What’s the Big Deal with Point-to-Point Encryption?

EMV, P2PE—What’s the difference and why should merchants implement Point-to-Point Encryption (P2PE) in their transaction environment that is PCI compliant?

EMV chip technology (named after Europay, MasterCard, and VISA—the pioneers in chip technology implementation) only protects against counterfeit card use but does nothing to safeguard vulnerable cardholder data from being captured in transit by hackers to use for online fraud and identity theft.

To combat hackers, the best weapon is to implement P2PE across the entire transaction lifecycle. P2PE expands the level of security by adhering to strict standards regulated by PCI. These include:

  • Using PCI Data Security Standard (PCI DSS)-validated payment devices
  • Loading devices with software applications and encryption keys in limited-access environments
  • Encrypting card data at the point of interaction (POI) (i.e. when the card is swiped or inserted)
  • Transmitting that data securely over the network where it is later decrypted and passed for authorization

These standards ensure a strict chain of custody before, during, and after possession by the merchant. By mitigating these data breach risk points, merchants can improve data security and make business operations more efficient.

For more information on how P2PE benefits both the merchant and your sales opportunities with the merchant, download our P2PE white paper today.