The evolution of credit card payments over the last decade has been staggering and the ability for merchants to keep up with the ever changing landscape can be quite daunting. It seems your acquirer/merchant bank is always urging you to change products due to enhanced security or better features. In a world of ever-evolving technologies, what is the right payment acceptance investment for your business? Point to Point Encryption, or P2PE could be that solution.
P2PE is a payment security system that instantaneously converts confidential credit card data and information into indecipherable code at the swipe of the card to prevent hacking and fraud. Credit card data becomes inaccessible at any point to other systems, networks or applications that your organization might be using, significantly reducing the scope of the Payment Card Information (PCI) Data Security Standard (DSS). P2PE alleviates many of the technical requirements that make it impossible for small to medium size merchants to comply allowing them to narrowing focus on ensuring they have appropriate business process controls in place to mitigate any risk of accidental exposure.
For merchants that qualify, a self-assessment questionnaire or SAQ will be provided by the PCI SSC which will outline only 4 out of the 12 requirements that apply. These requirements include; requirement 3: Protecting stored cardholder data, Requirement 4: Encryption of cardholder data in transmission, Requirement 9: Restrict physical access to cardholder data, and Requirement 12: Maintain information security policies. More information regarding the SAQ can be found at the PCI SSC website https://www.pcisecuritystandards.org/documents. It should be noted, in order to qualify for the SAQ, merchants are required to select a vendor that is approved by the PCI SSC as an approved P2PE vendor.
Upon adoption of P2PE, merchants will have a significant reduction in their compliance responsibilities . Additionally, credit card payments become more manageable and certainly more secure. Another advantage of P2PE is that it greatly reduces the amount of manpower involved in PCI compliance. Prior to P2PE, PCI compliance was a cross-functional effort that required input across multiple units in an organization including Human Resources, IT, and Business Process Owners. With P2PE, compliance can now solely rest on the shoulders of the Business Process Owner that is accepting the payment.
Non-e-commerce organizations that are looking to take advantage of P2PE solution should work with their acquirer/merchant bank in order to select at P2PE solution that will work in their environment. The acquirer/merchant bank is a key business partner when it comes to PCI compliance.
P2PE is a game changer for merchants as it reduces PCI scope and also increases security around cardholder data.