P2PE – or point-to-point encryption – is an acronym that’s been getting a lot of attention lately in the payment processing industry. What many merchants may not realize is that P2PE has direct benefits for them and their customers.
P2PE is a payment security solution that involves the encryption of cardholder data. Cardholder data includes any information contained on a customer’s payment card, including the primary account number (PAN), cardholder name, expiration date and data used for authentication and authorization. The data may be printed on either side of the card and contained in digital format on the magnetic stripe or in the microchip embedded in the card.
Encryption is the process of encoding messages or information so that only authorized parties can read it. It is the most effective way to achieve data security because in order to read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.
P2PE instantly and automatically converts sensitive cardholder data into encrypted code when the card is read at the point of sale (POS). The data is not decrypted until it reaches the solution provider’s secure environment. Because the card data is unreadable until decoded, P2PE makes it virtually useless to identity thieves and fraudsters.
The process works like this: A credit card is swiped through or inserted into a P2PE PCI-certified card reader at the POS. The reader uses an algorithm to encrypt the confidential card data in a tamper-resistant module called the POI (point of interaction). The indecipherable code is transmitted from the POI to the payment processor for decryption. The keys for the entire encryption/decryption process are not available to the merchant, which takes the merchant out of the equation.
The codes remain encrypted until they reach the processor’s secure data zone, where they are decrypted to the original card numbers and moved along to the card-issuing bank for reading and authorization. The bank notifies the merchant that the transaction is either authorized or declined based on the cardholder’s credit account, and the merchant completes the transaction. From beginning to end, the process takes about one second.
P2PE has several benefits for merchants, including:
- Simplification of PCI Data Security Standard (PCI DSS) compliance efforts. By significantly reducing merchants’ PCI compliance requirements, P2PE saves them both time and money.
- Reduction of accountability for data loss and fines. P2PE transactions are “invisible” to merchants since they do not have access to the encryption/decryption keys.
- A quicker payment process that results in simpler and faster transactions, so merchants can handle more sales in less time.
- Improved security protects customers’ data and your business reputation. Just one data breach can have a devastating impact on your business’ credibility, which can ultimately have a negative effect on customer loyalty and put you out of business.
The PCI Security Standards Council has produced a short and informative video that explains in more detail the benefits of P2PE for businesses and their customers.