Point-to-Point Encryption

To strengthen data security, retailers, airlines and transportation operators are introducing Point-to-Point Encryption (P2PE). With this security architecture, card data is encrypted by an embedded SRED module as soon as it enters the PIN Entry Device (PED), so card details are never transmitted or stored in the clear.

Transaction decryption is performed centrally within a secure environment, where a Hardware Security Module (HSM) is usually installed, although that is not mandatory. Our aim is to offer partners and retailers a range of P2PE implementation options that are compliant with the latest PCI P2PE standard.

G8 has been successfully integrated with Ingenico PCI PTS approved PIN pads that run the Ingenico On-Guard security application, and with Verifone devices that utilise the Verifone P2PE toolkit. Both of these options leverage independently verified P2PE applications and components. We plan to add support for additional P2PE approved solutions and PIN pads over time.

  • Strong network segmentation, locked-down routers with firewalls and a hosted G8 implementation. Here the PIN pad connects to G8 across a fast, secured communications link that supports Transport Layer Security.
  • A new G8 encryption feature that uses public key cryptography allows transactions captured offline to be stored securely, encrypted on disk. The settlement file can only be decrypted by the PSP. This approach is particularly relevant for airlines and transportation operators who accept transactions offline.

Features and benefits

Flexibility

  • Choice of P2PE approach
  • Supporting multiple PIN pads
  • Phased implementation options

Security

  • Card details protected by strong encryption
  • EPOS is removed from PCI scope
  • Always following PCI guidelines

Cost saving

  • Lower PCI DSS program cost
  • Reduced annual compliance costs
  • Implementation plan savings