Point to Point Encryption (P2PE) provides the most secure and effective solution to protect sensitive cardholder data in combination with EMV and Tokenization while dramatically reducing the cost and scope of PCI DSS and PA-DSS. Encrypted card holder data has no value if stolen as only Creditcall can decrypt the data. With our P2PE developers, ISVs and VARs get access to a powerful tool that protects merchants from card skimming and data breaches.
How P2PE works
P2PE ensures no actual cardholder data is exposed at any time during a payment transaction as it is encrypted inside the card reader making it useless and void of any value if a skimming attack is attempted. With P2PE, card data is converted into meaningless encrypted information that is of no value for anyone outside of Creditcall. Using the banking industry standard encryption algorithm DUKPT (Derived Unique Key Per Transaction) a key is injected securely into each card reader at manufacture. This key is used to encrypt every transaction at source and changes for each and every transaction. The transaction remains encrypted until received by Creditcall which then passes on the decrypted information via its secure payment gateway to the bank or processor for authorization.
- At the point of card acceptance, i.e. within the card reader or PIN pad, the card data is securely encrypted.
- It can then be passed freely over standard public networks to the payment gateway and processor.
- Once within the secure data zone of Creditcall’s PCI DSS certified payment gateway, it is de-crypted and passed to the bank processor for authorization.
- Easy integration through the use of our ChipDNA SDK
- Remove scope, complexity and compliance cost of PCI DSS
- Simplified PA-DSS for equipment manufacturers
- Cut the risk of cardholder data fraud
- Reduce financial liability
- Reduce software development cost
- Increased card holder data protection
- Simplified payment processing architecture