Point-to-point encryption (sometimes called simply P2PE) is a handy new development in the transaction processing industry. It can get you, as a merchant, out of PCI-compliance scope, i.e. make your business less deeply concerned with PCI security. When a card number is encrypted before it passes through the links of the payment processing chain, the responsibility, the costs, and the risk of the whole process of credit card payment handling are significantly reduced.
As point-to-point encryption contributes to your PA-DSS compliance (PA-DSS stands for Payment Card Industry Data Security Standards), your business has far fewer obligations concerning the security of transaction processing. However, this doesn’t mean that you should neglect the ethical issues of card payment handling.
At the basic level, P2PE is an easy-to-understand mechanism. A merchant who does not “touch” the actual unencrypted cardholder data in any way gets out of Payment Card Industry scope (PCI-compliance scope). Such a merchant is not obliged to go through a complicated PCI audit procedure. When point-to-point encryption is used, cardholder data can be encrypted right at the point of card entry and never touch the merchant’s POS system, so that the merchant’s application is not subject to payment data security regulations.
Open Source Payment Gateway can help you implement a payment solution that incorporates all the features your business needs, including security aspects and, in particular, point-to-point encryption. Contact us and our payment processing specialists will be glad to assist you.