Point to point encryption (P2PE) provides the most secure and effective solution to protect sensitive cardholder data in combination with EMV and Tokenisation while dramatically reducing the cost and scope of PCI DSS and PA-DSS. Encrypted card holder data has no value if stolen as only Creditcall can decrypt the data. Our PCI-validated P2PE certification for Ingenico and Verifone PIN pads means developers, ISVs and VARs have a powerful tool that protects merchants from card skimming and data breaches.
How P2PE works
P2PE ensures no actual cardholder data is exposed at any time during a payment transaction as it is encrypted inside the card reader making it useless and void of any value if a skimming attack is attempted. With P2PE, card data is converted into meaningless encrypted information that is of no value for anyone outside of Creditcall. Using the banking industry standard encryption algorithm DUKPT (Derived Unique Key Per Transaction) a key is injected securely into each card reader at manufacture. This key is used to encrypt every transaction at source and changes for each and every transaction. The transaction remains encrypted until received by Creditcall which then passes on the decrypted information via its secure payment gateway to the bank or processor for authorisation.
- At the point of card acceptance, i.e. within the card reader or PIN pad, the card data is securely encrypted.
- It can then be passed freely over standard public networks to the payment gateway and processor.
- Once within the secure data zone of Creditcall’s PCI DSS certified payment gateway, it is de-crypted and passed to the bank processor for authorisation.
- Easy integration through the use of our ChipDNA SDK
- Remove scope, complexity and compliance cost of PCI DSS
- Simplified PA-DSS for equipment manufacturers
- Cut the risk of cardholder data fraud
- Reduce financial liability
- Reduce software development cost
- Increased card holder data protection
- Simplified payment processing architecture
P2PE vs. PCI P2PE
Only PCI validated and listed P2PE solutions such as ChipDNA can reduce the scope of the cardholder data environment, which helps simplify compliance efforts for merchants with the PCI DSS.
Creditcall’s ChipDNA PCI P2PE certification covers multiple EMV chip card payment terminals including the Ingenico iPP350 and Verifone VX 820 for attended card payment processing often used in retail and hospitality and the Verifone UX for unattended applications commonly seen in parking, vending or transportation environments.
P2PE can protect you from
- Loss of cardholder data in the event of a breach
- Brand and reputation damage
- Loss of revenues
- Payment brand penalties
- PCI fines
This omni-channel device support was made possible by close collaboration between Creditcall and the manufacturers’ distribution partners Hemisphere West Europe and Secure Retail.