How To Achieve Invulnerable Payment Data, Point To Point

By Bernadette Wilson

Paul Kleinschnitz, SVP, GM of Cyber Security Solutions for First Data explains point-to-point encryption and tokenization, why they are important for data security for your merchant IT clients, and how they complement EMV-enabled systems.

BSM: Recent high-profile data breaches have underscored the importance of P2PE (point-to-point encryption) for transactions. Can you explain P2P encryption and how it strengthens transaction security?

Kleinschnitz: P2P encryption means that transaction data is protected via encryption immediately from the point of entry in the merchant environment until it reaches a secure point outside the merchant environment. The most secure implementations have the outside point at the acquirer, card network, or card issuer, so the cardholder data is never available to unauthorized parties until it needs to be “in the clear” for routing or processing.

P2PE strengthens transaction security by ensuring that cardholder data is never accessible to criminals inside the merchant environment. If a merchant is breached and cybercriminals accesses transaction data at rest or in flight, it will be useless to them, as they will not be able to decrypt the data (i.e., turn it into readable form that they can use to make counterfeit cards or submit fraudulent transactions.

Please log in or register below to read the full article