If you've talked with your credit card processing representative, or with anyone about credit card services in the last couple of years, it's likely that you've heard many different acronyms thrown around. You may already be familiar with terms such as FSA, EMV, NFC as services like chip card acceptance and Apple/Android Pay have become common place.
There's one important definition however, that may not have made your list yet. P2PE, or, Point-to-Point Encryption.
So what exactly is P2PE? For some expert answers, we turned to one of our many processing partners.
The Basics of P2PE
P2PE is a standard of the PCI Security Standards Council. While payment solutions can encrypt data in a variety of different ways, to claim P2PE status, solutions must be reviewed and approved by the PCI Security Standards Council.
P2PE-validated solutions maximize security in several different ways, some of them going far beyond the encryption technology. For instance, from the time of the device’s manufacturing, it must be tracked and secured extensively to ensure that no tampering has occurred. This includes all of the stages of a device’s life like procurement, storage, shipping, and installation—every step of the way until it’s plugged in by the merchant.
Encryption in P2PE begins the instant the card is read, and continues as data is passed to the processor and acquirer and then back to the merchant. It helps to ensure the data is never at risk.
The Major Benefits of P2PE
In today’s world, fraud and breaches are a common occurrence. Some merchants, especially larger ones or merchants in industries that handle sensitive personal information, are particularly at-risk for a breach or for fraud. Considering the damage that a single incident can cause to a company’s bottom line, not to mention reputation, it’s crucial for these companies to do everything they can to prevent it.
P2PE is one of the best ways that payment solutions can ensure the security of personal information data and minimize breach risk. It makes life easier in a variety of ways:
- A reduced risk of payment fraud. By instantaneously encrypting cardholder data, it makes it nearly impossible for fraudsters to intercept and interpret the payment information and sensitive data.
- Simplified PCI-DSS compliance efforts. Many merchants must undergo annual or semi-annual audits that can be extremely time-consuming. P2PE helps to significantly lighten the load involved in the self assessments, and annual PCI audits, and helps merchants focus on their core business operations.
- Self-assessment questionnaire reduced from 12 sections to 4. This simplified compliance process is one of the most significant time savings involved with the implementation of a P2PE validated solution.
- Controls reduced from 329 questions to 35. The sheer reduction in volume is important to note—again, businesses will have far more time to focus on their day-to-day concerns as they rest easy knowing their customer’s payment data is safe.
- Minimized liability. Merchants who closely follow all of the instructions in the P2PE manual and implementation guide, and who never co-mingle their payments with other non-P2PE devices, face reduced liability, allowing them to rest easy in case anything ever does occur.
Why To Make a Change
Industries like healthcare, education, pharmaceuticals and who have many locations are especially focused on security, and P2PE can often be the best protection for these industries because of its higher level of payment data security. But merchants of any type can benefit from the added security that P2PE brings, and the increased time it gives them to focus on their core business.
If you are interested in learning more about P2PE or are interested discussing how to implement P2PE validated solutions with your pharmacy, contact RMS today to learn about available options. Integrations with multiple processing platforms give you the flexibility to work with the processor of your choice, while taking advantage of advanced functionality, including P2PE.
Article produced in partnership with TSYS Cayan Genius