Point-to-Point Encryption
To strengthen data security, retailers, airlines and transportation operators are introducing Point-to-Point Encryption (P2PE). With this security architecture, card data is encrypted by an embedded SRED module as soon as the card is inserted into the PIN Entry Device (PED), thereby preventing card details from ever being transmitted or stored in the clear.
Transaction decryption is performed centrally within a secure environment, where a Hardware Security Module (HSM) is usually installed, although that is not mandatory. Our aim is to offer partners and retailers a range of P2PE implementation options that are compliant with the latest PCI P2PE standard.
G8 has been successfully integrated with Ingenico PCI PTS approved PIN pads that run the Ingenico On-Guard security application, and also with Verifone devices that utilise the Verifone P2PE toolkit. Both these options leverage independently verified P2PE applications and components. We plan to add support for additional P2PE approved solutions and PIN pads over time.
- Strong network segmentation, locked-down routers with firewalls and a hosted G8 implementation. Here the PIN pad connects to G8 across a fast, secured communications link that supports Transport Layer Security.
- A new G8 encryption feature that uses public key cryptography allows transactions captured offline to be stored securely on disk in encrypted form. The settlement file can only be decrypted by the PSP. This approach is particularly relevant for airlines and transportation operators who accept transactions offline.
Features and benefits
Flexibility
- Choice of P2PE approach
- Supporting multiple PIN pads
- Phased implementation options
Security
- Card details protected by strong encryption
- EPOS is removed from PCI scope
- Always following PCI guidelines
Cost saving
- Lower PCI DSS program cost
- Reduced annual compliance costs
- Implementation plan savings