Look no further than the UK to determine where U.S. payment security will focus in the next several years – and it’s not EMV. Long after EMV has been implemented, the UK and other countries recognize that the true solution to data breaches is encryption technologies, especially PCI-validated P2PE.
Today, many retailers are already considering upgrading their legacy Chip and PIN devices so they can provide their customers with high-level security and utilise additional payment functionalities, such as contactless and wearable payment systems. Doing so will be a substantial investment for companies, which will want to guarantee that their pounds are well spent and that the upgrade gives their customers peace of mind over their payment card data.
To meet these ends, retailers must look towards Point-to-Point Encryption (P2PE). P2PE is a set of security domains that is quickly on its way to becoming an industry standard, and it significantly reduces retailers’ PCI compliance scope. It involves using encryption technology to encrypt payment card data at the moment the card is inserted into a PIN entry device (PED), meaning the encryption is executed before the data is even sent to the payment service provider.
As a total lifecycle security standard, P2PE ensures all hardware, infrastructure and payment applications comply with PCI. It also adds a further level of security by tracking the PED, or Chip and PIN device as it is more commonly known, for the entire lifecycle of the device.
The most enticing argument in favour of P2PE adoption has been its ability to greatly reduce the scope of PCI DSS requirements that retailers are responsible for following, as it transfers much of the responsibility to the payment solution or service provider.
Retailers must be completely sure that they are meeting the strict set of standards laid out by PCI compliance. It is therefore crucial for potential adopters of P2PE to follow the guidance of a specialist. Retailers who make their decisions based on nothing more than cost of implementation risk investing in a subpar solution that could be sending out inaccurate data. The result would be an expensive re-auditing process as the retailer backtracks in an attempt to achieve optimal and fully compliant P2PE.