Contact Us

Point-to-Point Encryption (P2PE) for Cost Effective PCI DSS Compliance

Point to Point Encryption - P2PE Icon

For years now, the Payment Card Industry Security Standards Council (PCI SSC) has been the driving force behind the definition, articulation, and enforcement of security requirements for the payments industry.  The PCI SSC has developed several standards, including the PCI Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

The same organization also defined PCI Point-to-Point Encryption (P2PE) standards. Through these standards, the PCI SSC details how providers of P2PE solutions can validate their solutions, and how, by leveraging these validated solutions, merchants can reduce the scope of their PCI DSS assessments.

P2PE Overview

 

Reducing the Cost of PCI DSS

Larger merchants may have hundreds or thousands of stores, which will mean there are thousands of point-of-sale (POS) systems and PIN entry devices (PEDs) that will be in scope and must be brought into compliance. Achieving and maintaining compliance is a complex, time consuming and costly process.

Simply by deploying a P2PE-compliant PED devices, merchants can effectively remove their stores from the scope of PCI DSS compliance. Consequently, for the vendors that serve the merchant community, delivering P2PE-compliant offerings to market can present a massive opportunity.


Leveraging HSMs for P2PE Compliance

The P2PE standard includes a number of requirements relating to the use of Hardware Security Modules (HSM) for encryption, decryption, and key management. Only a small number of vendors have the ability to offer P2PE-compliant solutions, and the SafeNet Payment HSM has played a key role in helping these vendors bringing their P2PE solutions to market.

SafeNet Payment HSM for Transaction Security

SafeNet Payment HSM

SafeNet Payment HSM (formerly Luna EFT) is a network-attached hardware security module (HSM) designed for retail payment system processing environments for credit, debit, e-purse and chip cards, as well as internet payment applications.

The Logic Group Logo
In developing the Solve DataShield offering, it was vital that we effectively comply with all the relevant PCI P2PE standards, including robust key management policies. Gemalto SafeNet Luna EFT HSMs delivered all the security capabilities that were required, while providing a platform that we could deploy quickly and manage efficiently.
- Nick Stacey, Dir. of Business & Market Operations at The Logic Group

Featured P2PE Resources

Point to Point Encryption - White Paper

Payment Card Industry Point-to-Point Encryption (P2PE) standards provide detailed guidelines for building payment processing solutions that safeguard payment data at all times.

Get this resource

The Logic Group - Luna EFT - Case Study

The Logic Group is a leading provider of multichannel payments and customer loyalty solutions to large corporate organisations in Europe. Because of SafeNet’s Luna EFT HSMs, The Logic Group’

Get this resource

An Anchor of Trust in a Digital World - White Paper

Considering the growing exposure and potential ramifications of information incidents – such as failed regulatory audits, fines, litigation, breach notification costs, market set-backs

Get this resource

Luna EFT - Product Brief

Gemalto SafeNet Luna EFT 2 is a network-attached Hardware Security Module (HSM) designed for retail payment system processing environments for credit, debit, e-purse and chip cards, as well

Get this resource
Back to Top

Contact Us

Thank you for your interest in our products. Please fill out and submit the form to receive more information about Gemalto or to be contacted by a Gemalto specialist.

Your Information

* Email Address:  
* First Name:  
* Last Name:  
* Company Name:  
* Phone:  
* Country:  
* State (US Only):  
* Province (Canada/Australia Only):  
Comments:  
 


By submitting this form I agree to receive information from Gemalto and its affiliates as described in our Privacy statement.