Reduce Your Risk and Limit Compliance Scope

Point-to-point encryption (P2PE) helps secure your credit card data. It reduces related business risk and can help limit compliance scope, such as for PCI DSS. The net outcome is generally a significant savings in the time and cost spent on PCI compliance, and because PCI validation is annual, the savings are exponential and sustainable over time.

Wind River Financial has offered point-to-point encryption solutions for years with a great deal of success implementing them in a variety of environments.

Leverage Our Data Security Experts

Our in-house security team is available for assistance with P2PE. We’re available to:

  • Consult and answer questions
  • Work with and alongside your IT personnel
  • Help quantify risk to establish business cases
  • Identify appropriate credit card processing solutions and architecture
  • Train your employees on generalized data security best practices
  • Assist with other types of data security services

Secure Architecture

Point-to-point encryption in the credit card industry is defined as encrypting credit card data at the point of contact (whether the credit card is swiped or manually keyed in – more on this shortly). Separately, the decryption key to unlock the credit card data is stored in a different computer network environment. Since the merchant neither possesses nor has access to the decryption key, attackers who manage to obtain the encrypted data cannot obtain the key to unlock it.

P2PE manages this via a secure architecture. That means if the data were stolen, even from within your computer network, it would be useless to the attacker because of the encryption and the resources needed to crack it. Essentially, it devalues credit card data or makes it too expensive for attackers to defeat. In this manner, the credit card data is a less attractive target and is highly secure.

Business Risk vs. Compliance Risk

An effective P2PE implementation in your environment should significantly reduce your risk of credit card data compromise. It can also help limit your PCI DSS scope. With that said, there is one thing to keep in mind: the P2PE solution must be validated by the PCI Council.

The challenge here is that the payments industry is competitive and a potential P2PE solution has a lot of requirements to meet in order to be validated, so the number of solutions validated by the PCI Council is limited. Many merchants use non-validated P2PE solutions, which is why the PCI Council released an FAQ and guidance on the use of these non-validated solutions. This is why it may be important to prioritize business risk reduction over compliance risk.

Want to Learn More?

Our team is ready to answer any questions you may have regarding point-to-point encryption and how a P2PE solution could benefit your business.
