Point-To-Point Encryption

Point-to-point encryption (P2PE) is an advanced security tool that helps protect the sensitive information contained within a credit card’s magnetic stripe.

P2PE works by encrypting card information from the moment it is taken (known as the point of interaction or POI), using an algorithm that turns the data into unreadable codes. These codes are then transferred directly to the processor where they are decrypted automatically using a secure key, before being passed onto the card issuing bank.
Since the decryption is carried out electronically, the merchant does not have to decrypt data manually nor do they need access to the secure key; therefore, they never have access to their customer’s personal card data. The P2PE solution will even supply a token for each transaction, to help identify and refund the payment at a later date, without ever revealing the card information.

Point-to-point encryption keeps payment information safe during the transaction process by encrypting cardholder data from the point of card swipe or manual entry (when inputting data through a P2PE device) through the authorization process. Encryption protects sensitive data while the information is in transit. Customers and merchants enjoy safer transactions, while thieves fail to gain access to actual credit card numbers.

• Point-to-Point Encryption Solution Provider:

  United TranzActions in partnership with Vantiv, now WorldPay, offers a compliant solution that will protect customer data and reduce a merchant's risk.

• Point-to-Point Encryption (P2PE) Solution:

  The solution itself contains encryption and decryption environments, Point of Interaction devices, and access to a Virtual Terminal.

• Point of interaction (POI):

  This term refers to the technology merchants use to take the customer's credit card information, such as a magnetic strip. Relevant applications on the POI must also be compliant with point-to-point encryption requirements.

• With a P2PE validated solution, merchants save significant time and money as PCI requirements may be greatly reduced. For organizations who use a P2PE validated solution provider, the PCI Self Assessment Questionnaire is reduced from 12 sections to 4 sections and the controls are reduced from 329 questions to just 35.
• In the event of fraud, the P2PE Solution Provider, not the merchant, is held accountable for data loss and resulting fines that may be assessed by the card brands (American Express, Visa, MasterCard, Discover, and JCB).
• The payment process with P2PE is quicker than other transaction processes; thus, creating simplified and faster customer-merchant transactions.