P2PE (Point to Point Encryption) in Payment Processing

JetPay Communications

January 18, 2019

The use of “hard cash” to make payments is becoming a thing of the past. That’s thanks largely to faster and more affordable network speeds as well as the rise of cloud-based card payment processing solutions. Now, almost all merchants – regardless of size – can accept card payments, whether from a fixed location or while on the go.

Card payments have made transactions more straightforward and more efficient for both merchants and consumers. However, criminals are always developing new ways to steal data, which is why the Payment Card Industry Security Standards Council (PCI) has developed the PCI Point-to-Point Encryption (P2PE) Standard.

What Is P2PE?

Every time a merchant accepts a card payment, a sequence of digital communications occurs, leaving cardholders vulnerable to data theft and fraud. Using a combination of applications, processes, and secure devices, merchants can encrypt card and transaction data from the point of interaction (POI: when a customer first uses their card) until it reaches the payment processor. This precaution helps ensure that even if a criminal steals the data, they won’t be able to decipher it.
P2PE is a standard created by the PCI. It refers to a set of minimum requirements, the aim of which is to maximize security for both cardholders and merchants.

P2PE Requirements

Only vendors of P2PE solutions need to worry about complying with the PCI P2PE Standard. Merchants can opt to employ alternatives to P2PE solutions that don’t comply with the PCI P2PE Standard. However, these end-to-end encryption solutions do not provide the optimum in data protection. Only P2Pe systems can.
A P2PE solution must include:

  • The encryption of cardholders’ data at the POI.
  • Validated P2PE applications at the POI.
  • Management of decryption and encryption devices.
  • The use of cryptographic key operations and secure encryption methods.

The PCI periodically requests feedback from its stakeholders and authorized vendors of P2PE solutions to update its requirements. These updates focus on simplifying, modernizing, and enhancing the flexibility of the P2PE Standard. You can learn more about the future of the PCI P2PE Standard by visiting the PCI website.

The Benefits of P2PE for Merchants

If you accept, store and transmit cardholder data, you must comply with the PCI Data Security Standard (DSS). Using a PCI-authorized P2PE solution reduces your scope of responsibilities regarding compliance with the PCI DSS. You can also assure customers that when they shop with you, they face a minimized risk of falling victim to fraud and data theft.
Additionally, as a merchant, you can realize multiple benefits by employing P2PE solutions.

  • You can simplify and reduce the cost of complying with the PCI DSS.
  • You can virtually eliminate any risks associated with payment data security breaches.
  • You can void fines from regulatory authorities regarding compliance with the PCI DSS.
  • You can boost customer confidence by offering the assurance of secure card payments.
  • You can entrust cardholder data security to an approved vendor of P2PE solutions who will handle this sensitive information on your behalf.

Contact JetPay to Learn More about P2PE

We’ll be releasing our PCI-Validated P2PE Solution, JetSecure, in 2019, meaning we can give you all the advice and information you need regarding the PCI P2PE Standard, how P2PE works, why it’s beneficial, and how you can implement it for your business. If you want to discuss the future of secure payment processing with our professionals, call us on 800-834-4405.

Sign up for more from the blog.

Get weekly updates and summaries.