Point-to-Point Encryption

To strengthen data security, retail merchants are starting to introduce Point-to-Point Encryption (P2PE). With this security architecture, card data is encrypted as soon as the card is presented to the PIN Entry Device (PED), which runs in an embedded SRED (Secure Reading and Exchange of Data) mode, so that card details are never transmitted or stored in the clear.

Transaction decryption is performed within a secure data centre, where a Hardware Security Module (HSM) is usually installed, although that is not mandatory. Our aim is to offer partners and retailers a range of P2PE implementation options that are compliant with the latest P2PE v2 standard.

G8 has been successfully integrated with Ingenico PCI PTS approved PIN pads that run the Ingenico On-Guard security application, and with Verifone devices that use the Verifone P2PE toolkit. Both options rely on independently verified P2PE applications and components. We plan to add support for additional approved P2PE solutions and PIN pads over time.

An alternative P2PE approach uses strong network segmentation, locked-down routers with firewalls and a hosted G8 implementation. Here the PIN pad connects to G8 over a fast, secured communications link that supports Transport Layer Security (TLS). This protects all data communication, not just the sensitive card details. Because the PIN pad is not connected to the EPOS and G8 sits outside the store environment, the EPOS and the store can be deemed out of scope for PCI DSS compliance purposes. This simplified architecture has cost and time advantages over a fully certified solution.

Features and benefits

Flexibility: choice of P2PE approach; support for multiple PIN pads; phased implementation options.

Security: card details protected by strong encryption; EPOS removed from PCI scope; always following PCI guidelines.

Cost saving: lower PCI DSS programme cost; reduced annual compliance costs; implementation plan savings.