The Important Aspects of P2PE

It is important to keep in mind that encryption cannot always be performed at the point of card swipe. An alternative option is to encrypt cardholder data inside the payment terminal. Anyway, you as a merchant should think, where the data is going to be encrypted and what this means for you in terms of PCI compliance.

We should also note that no encryption technique or algorithm is always better than all the others, it always depends on specific merchant’s case. When choosing an encryption algorithm, one should remember, that encryption keys can be symmetric or asymmetric. For instance, some widely-used encryption techniques are based triple-DES with DUKPT algorithm (which is especially relevant for secure handling of PIN transactions).

Both software and hardware can be used decryption of cardholder data. Generally, an HSM (hardware security module) is needed to ensure thorough compliance with payment card industry (PCI) requirements. An HSM is used for storage of the decryption key, which never gets exposed. If decryption keys are stored by some special software (instead of an HSM), there is a risk that they might be intercepted. Consequently, software-based decryption solutions are less secure than HSM-based ones.

Other key P2PE related aspects to be considered include budgetary constraints and others. All of these aspects must be kept in mind when a particular P2PE solution is implemented.

Payment Gateway Software can help you to implement a payment solution, which incorporates all the features your business needs, including security aspects, and, particularly, point-to-point encryption. Contact us and our payment processing specialists will be glad to assist you.