CDE Blog

What is P2PE?

Written by Lori London | Feb 15, 2016 5:00:00 AM

 

As the landscape of electronic payment processing continues to grow and evolve, the number of consumer financial records available to thieves continues to grow as well. With the continued prevalence of data breaches, it’s more important than ever to protect the data transmitted during an electronic payment from fraudulent activities. In 2015, there were 781 recorded data breaches that resulted in more than 169 million consumer records being compromised.* After a number of companies both large and small fell victim to these breaches, the focus on payment processing security began to grow.

One positive development in protecting cardholder data is the implementation of PCI-validated P2PE, or Point-to-Point Encryption. But why is P2PE so effective, and what does it mean for it to be PCI-validated? We’ll help you understand so you can make the right choice for your organization.

What is P2PE?

Traditionally, cardholder data is “in the clear” at some point in the merchant environment.  This data is highly susceptible to theft and fraudulent activity.  With P2PE, the data is encrypted at the “point of interaction” or POI, which is typically the time of a card swipe or key entry.  After this, the data can’t be decrypted until it reaches the P2PE solution provider’s secure decryption location.  Throughout every step in the payment transaction, the data is secured and protected from security breaches.

Why should it be PCI-validated?

The answer to this is actually pretty simple. The PCI Security Standards Council is a global organization that maintains, evolves, and promotes standards for the safety of cardholder data around the world. They influence and help guide the work done by those in the payments industry and determine which efforts and developments are truly necessary for protecting cardholder data. When using P2PE technology from a PCI-validated organization, businesses can greatly reduce the time and cost associated with acquiring, implementing, and maintaining card data security.

Why is it so effective?

P2PE offers data security that holds strong throughout the entire payment transaction, not just select portions. Because card data is never exposed in the merchant’s POS environment, hackers will have nothing to gain by intruding on the systems or networks.

Without such a high level of security in processing payments, consumer financial data is left either very vulnerable or unprotected altogether. When security breaches happen, the stolen data can be used to commit identity theft and fraud on a very large scale. These types of actions, even on a smaller scale, can have serious implications for the financial stability and well-being of the individuals whose data was stolen. For a merchant, the impact of a breach can literally put them out of business.

When a business falls victim to a data breach, it’s harmed in several different ways. First, the breach could result in fines from the card associations or lawsuits from government agencies, organizations, and even consumers. Then there are the costs of curing the breach, which are of course higher when the business is in a reactive mode. Experian details the best way to respond to this type of event in their “Data Breach Response Guide” and explains just how intense these processes can be. Lastly, consumers will lose their trust in the business. A tarnished reputation with consumers can ultimately ruin a business in some cases.

Instead of worrying so much about recovering from a hacker’s work, businesses are better off taking the proper precautions to protect themselves with payment processing that uses P2PE security.

 

*Identity Theft Resource Center