Now that the dust of EMV implementation has settled, retailers, merchants, enterprises, healthcare organizations and educational institutions are realizing that not only are data breaches showing no signs of slowing down, fraudsters are still gaining access to credit card data through point of sale (POS) systems and networks. 2017 set the record for data breaches, with the Identity Theft Resource Center reporting 1,579 breaches compromising 179 million records. High-profile data breaches that compromised clear-text card data in 2017 included Hyatt, Equifax, Arby’s, Whole Foods, and Sonic Drive-In.
There are two security paths companies can take to protect cardholder data: Defend the Data or Devalue the Data. To Defend the Data, companies must build stronger, higher and more expensive walls of security around their systems for protection. With the Devalue the Data approach, companies employ security technology to devalue the cardholder data before it reaches their POS systems and networks, rendering the data useless to hackers if it is exposed.
PCI-validated Point-to-Point Encryption (P2PE) is an integral security component in devaluing data, since it encrypts credit card information at the Point of Interaction (POI) in a PCI-approved P2PE device and decryption is done in hardware and outside of the merchant environment.