Point-to-Point Encryption (P2PE) for Cost Effective PCI DSS Compliance

Credit Card Data Security

For years now, the Payment Card Industry Security Standards Council (PCI SSC) has been the driving force behind the definition, articulation, and enforcement of security requirements for the payments industry.  The PCI SSC has developed several standards, including the PCI Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

Most recently, the organization unveiled the PCI Point-to-Point Encryption (P2PE) standards. Through these standards, the PCI SSC details how providers of P2PE solutions can validate their solutions, and how, by leveraging these validated solutions, merchants can reduce the scope of their PCI DSS assessments.

Reducing the Cost of PCI DSS

Larger merchants may have hundreds or thousands of stores, which means thousands of point-of-sale (POS) systems and PIN entry devices (PEDs) are in scope and must be brought into compliance. Achieving and maintaining compliance is a complex, time-consuming, and costly process.

Simply by deploying P2PE-compliant PEDs, merchants can effectively remove their stores from the scope of PCI DSS compliance. Consequently, for the vendors that serve the merchant community, delivering P2PE-compliant offerings to market can present a massive opportunity.

Leveraging HSMs for P2PE Compliance

The P2PE standard includes a number of requirements relating to the use of Hardware Security Modules (HSMs) for encryption, decryption, and key management. To date, only a small number of vendors have announced P2PE-compliant solutions, and the SafeNet Luna EFT HSM has played a key role in helping these vendors bring their P2PE solutions to market.

Luna EFT – Payment Security HSM

SafeNet Luna EFT HSM

The Luna EFT is a high performance, network-attached Hardware Security Module (HSM) designed to secure financial transactions.
