Monday, 23 November 2020

Point to Point Encryption (P2PE): Protecting Credit Card Data

Point to Point Encryption (P2PE): Protecting Credit Card Data
23 Aug
5:32

Point to Point Encryption is a major step forward in the way encryption is used to secure transactions and addresses key vulnerabilities of the retail transaction process When a customer uses their credit card during a transaction, their card data enters a complicated ecosystem where devices and applications of differing levels of security are trusted to ensure the payment reaches the intended party

This ecosystem begins when a payment card is swiped through a card reader The card reader captures the card data and transmits that data to the Point of Sale terminal The Point of Sale Terminal then encrypts the data and sends it on its way to a retail server The retail server then decrypts the data, briefly exposes the data in the clear, and then re-encrypts the data for transmission to the payment gateway Once at the payment gateway, the credit card information is decrypted again and sent to the bank for processing

Data is exposed several times throughout this process, leaving it vulnerable Point to Point Encryption solves this problem With Point to Point Encryption, the payment card data is encrypted by a One Time Encryption key as soon as the card is swiped into the card reader The credit card information remains in the encrypted state as it moves into the Point of Sale Terminal, then to the local server, and then to the payment gateway The key used to encrypt the data is a highly-secure, one time use key that is destroyed after use

The decryption keys are stored in an isolated Hardware Security Module (or HSM) at the payment gateway SafeNet�s HSMs are at the foundation of the only Point to Point Encryption solutions to be validated to date Simply put, Point to Point Encryption ensures credit card data remains in a consistent state of encryption throughout the entire payment process! To learn more about Point To Point Encryption, visit safenet-inccom/P2PE

« »

Related Articles