Data Encryption is PCI’s Second Line of Defense

September 11, 2015

Hackers have managed to find their way past the online security systems of large retailers, hospital systems, and even the federal government. To help answer those threats, the Payment Card Industry Security Standards Council updated a key security standard that will help businesses make their data unreadable if it is stolen.

PCI Point-to-Point Encryption Solution Requirements and Testing Procedures version 2 will give companies, particularly large merchants, flexibility to develop solutions and provide P2PE components. New with version 2 is the option for merchants acting as solution providers to implement and manage their own P2PE solutions for their own point-of-sale (POS) locations.

PCI Point-to-Point Encryption solutions help merchants by encrypting cardholder data at the earliest point of acceptance, making that data less valuable to attackers even when compromised in a breach.

“Malware that captures and steals data at the point-of-sale continues to threaten businesses and their ability to protect consumers' payment information. As these attacks become more sophisticated, it's critical to find ways to devalue payment card data,” PCI SSC chief technology officer Troy Leach said in a statement announcing the update.

The goal is to protect cardholder data from the moment it’s used at a POS terminal until it goes through the card processing company’s network. P2PE encrypts data right at the point of acceptance, making it harder for attackers to steal card data with POS malware tools, which work by capturing card data from the retail terminal before it can be encrypted.

Contributed by Vanco Payment Solutions. Through the Michigan Chamber’s partnership with Vanco, you have the opportunity to accept credit, debit and other electronically based transactions at just 0.2% above cost. Email Vanco Payment Solutions or call them at 866-944-0055 to learn more.