What is Point-to-Point Encryption (P2PE) and how does it work?

February 4, 2025

Eugene Mostert, Security Specialist employed at Transaction Junction for approximately 18 years, discusses the requirements to achieve PCI P2PE validation and how this solution ultimately protects the merchant and the end customer.

What is P2PE?

P2PE (Point-to-Point Encryption) is an encryption security standard for payment processing, defined by the PCI SSC (Payment Card Industry Security Standards Council), that requires cardholder data to be encrypted. Cardholder data must be encrypted immediately after it has been read by the payment entry device (PED), and it must remain encrypted until it is decrypted by Transaction Junction in the cardholder data environment (CDE). This means that any data transmitted between the PED and the CDE is secure and cannot be used if stolen. The Transaction Junction P2PE Solution has been validated and approved by the PCI SSC.

The TJ solution is acquirer-agnostic and currently supports 9 PCI-approved PIN Transaction Security (PTS) Point of Interaction (POI) devices.

What is required to achieve a P2PE-validated solution?

A validated P2PE solution must include strong encryption to protect the cardholder data. The PED must be a P2PE-approved device and must be fully validated against the TJ P2PE Solution. All validations must be performed by a PCI-qualified P2PE Security Assessor. The following are some of the P2PE standard requirements:

  1. Encryption at the Point of Entry: When a customer uses their card at a terminal, the data is encrypted from the moment it is read. This means the card data is converted into an unreadable format.
  2. Strong Encryption: Strong encryption must be used on the PED to keep the cardholder data secure. The stronger the encryption, the more difficult it is for anyone to decrypt the data. The encrypted data travels through the merchant’s network but remains secure and unusable to anyone who might try to intercept it.
  3. Encrypted Key Management: All encryption keys must be kept in a secure location. TJ does not store any encryption keys, so they cannot be stolen and used to access encrypted data.
  4. Decryption at the Secure Endpoint: Encrypted data is decrypted so that it can be sent to the acquiring bank for processing, and this must be done in a secure environment.

These requirements ensure that data is decrypted only when required and only in a secure cardholder data environment. They also ensure that every element, from the device used for encryption to the strong encryption method itself, is up to the PCI SSC’s rigid standards for payment processing.

How does a P2PE-validated solution protect the merchant and end-customers?

Essentially, P2PE encrypts the sensitive cardholder data that the payment processor (TJ) requires. The cardholder data is turned into unreadable data that is completely useless unless you have the key to decrypt and reassemble it into a readable format. The encryption keys are injected into the device and into the decryption zone (CDE) of the TJ payment application. By doing this, the following is achieved:

  1. Secure Point of Entry (POI device): Cardholder data is encrypted with the injected keys on the device, making it unreadable. This also protects the cardholder against skimming at the POI.
  2. Secures Data in Transit: The encryption keys ensure that cardholder data is secure when transferred using any communications media to the decryption zone.
  3. Reduced PCI DSS Compliance Scope: Because P2PE minimises the areas of the merchant’s network that handle sensitive card data, it reduces the number of PCI DSS requirements that merchants need to follow and significantly reduces security and regulatory costs. No sensitive cardholder data is stored on the merchant network.
  4. Protection Against Malware and Network Attacks: Since sensitive data is encrypted from the outset, even if malware is installed on a point-of-sale (POS) device or network, it won’t be able to access unencrypted card data.
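To make the flow in the two lists above concrete, here is an added Python model of the P2PE data path: the POI device encrypts with its injected key the moment the card is read, the merchant network only ever carries the resulting message, and the decryption endpoint in the CDE is the only other holder of the key and verifies the message before decrypting. This is illustrative code, not Transaction Junction's, and its cipher (HMAC-SHA256 in counter mode with an HMAC tag) stands in for the approved cipher a PTS device actually uses; the PAN and track data in the test are constructed values.

```python
import hashlib
import hmac
import secrets

def derive_keys(injected_key: bytes) -> tuple[bytes, bytes]:
    """Split the single injected key into separate encryption and MAC keys."""
    enc = hashlib.sha256(b"P2PE-ENC" + injected_key).digest()
    mac = hashlib.sha256(b"P2PE-MAC" + injected_key).digest()
    return enc, mac

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream: a standard-library stand-in
    # for the approved cipher inside a PTS device, used only so this runs anywhere.
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def poi_encrypt(injected_key: bytes, track_data: str) -> dict:
    """Point of interaction: encrypt at the moment the card is read."""
    enc_key, mac_key = derive_keys(injected_key)
    nonce = secrets.token_bytes(12)
    pt = track_data.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    # This message is all the merchant POS, its network, or malware on them ever sees.
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def cde_decrypt(injected_key: bytes, msg: dict) -> str:
    """Decryption endpoint inside the CDE: verify the tag first, then decrypt."""
    enc_key, mac_key = derive_keys(injected_key)
    nonce, ct, tag = (bytes.fromhex(msg[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tag mismatch: message altered in transit or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()

def pan_exposed_in_transit(msg: dict, pan: str) -> bool:
    """Would an observer on the merchant side find the PAN anywhere in the message?"""
    return any(pan in v or pan.encode().hex() in v for v in msg.values())

def tamper_detected(injected_key: bytes, msg: dict) -> bool:
    """Flip one ciphertext byte in transit and check that the CDE endpoint refuses it."""
    ct = bytearray(bytes.fromhex(msg["ct"]))
    ct[0] ^= 0x01
    try:
        cde_decrypt(injected_key, dict(msg, ct=ct.hex()))
    except ValueError:
        return True
    return False
```

The same key material is provisioned to both ends at key-injection time; nothing between them can recover the PAN or alter the message unnoticed.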