Tag Archive for: Payment Security

What’s the Big Deal with Point-to-Point Encryption?

EMV, P2PE—What’s the difference and why should merchants implement Point-to-Point Encryption (P2PE) in their transaction environment that is PCI compliant?

EMV chip technology (named after Europay, MasterCard, and VISA—the pioneers in chip technology implementation) only protects against counterfeit card use but does nothing to safeguard vulnerable cardholder data from being captured in transit by hackers to use for online fraud and identity theft.

To combat hackers, the best weapon is to implement P2PE across the entire transaction lifecycle. P2PE expands the level of security by adhering to strict standards regulated by PCI. These include:

  • Using PCI Data Security Standard (PCI DSS)-validated payment devices
  • Loading devices with software applications and encryption keys in limited-access environments
  • Encrypting card data at the point of interaction (POI) (i.e. when the card is swiped or inserted)
  • Transmitting that data securely over the network where it is later decrypted and passed for authorization

These standards ensure a strict chain of custody before, during, and after possession by the merchant. By mitigating these data breach risk points, merchants can improve data security and make business operations more efficient.

For more information on how P2PE benefits both the merchant and your sales opportunities with the merchant, download our P2PE white paper today.


PIN Entry Devices to Expire

As security standards continue to evolve, some PIN entry devices are approaching their expiration. The PCI Security Standards Council and Visa recently announced that devices approved in the first version of the PCI PIN program (way back in 2004!) and not subsequently approved for higher levels of security are now at their expiration point. Stakeholders with Version 1.x devices should actively plan for the replacement of those devices, as they are much more vulnerable to compromise and may lead to theft of your cardholder information. See the full expiration announcement here.

How do you know whether your device is reaching expiration? Different manufacturers use different ways to identify them. Look for markings indicating the PCI PTS PED approval version, and if you are having trouble reach out to our experts.

To contact us:

POSDATA, a Business Unit of Control Solutions Inc.

5775 Soundview Drive, Suite 101E
Gig Harbor, WA  98335