Loading...

Blog

Latest blog posts

What’s the point in point to point encryption?

The real point of P2PE is removing sensitive cardholder data from your systems, leaving you with less data security stuff to worry about. It’s about being secure and protecting your brand, your reputation, your ability to trade and keep trading.

We operate P2PE as a managed service for our customers. It sits alongside our tokenisation service, which also helps protect sensitive data.

P2PE is a standard created by the PCI security standard council whereby customer card data is encrypted directly on the PIN entry device (usually the PIN pad). It remains encrypted until it reaches our secure processing environment. This way, your point-of-sale terminals and systems never see any sensitive data in the clear, minimising the impact of a data security compromise.

Behind the scenes, each PIN entry device has a secure encryption key within it. We manage these keys from our secure datacentre and deploy them via remote key injection. To spare you the logistical hassle of physically installing keys on each device the key encrypts data on the device before sending it to our systems for processing. Your systems receive an encrypted token as a substitute for the customer data. These tokens would be useless to a fraudster if your systems were breached, as they are just random numbers.

ERP systems are used to storing card numbers. They’re used for identifying original transactions in the case of refunds, but also for identifying customers’ shopping patterns across channels. Our cross-channel tokenisation system replaces card numbers with a token of the same length. This removes sensitive data from your systems, yet still allows you to identify customers whether they shop with you online or in-store.

You can even replace existing stored card numbers with our tokens. We allow merchants to register a token without completing a transaction. The token is unique to each merchant and generating them does not significantly impact transaction speeds.

PXP offers P2PE as a managed service for customers.  You can either implement our certified P2PE application or our full P2PE solution. Both have been tested by trained P2PE assessors retained by the Payment Card Industry Security Standards Council (PCI SSC) against the standard.

PXP Financial

The End-to-end payment platform

Whatever your business needs today or tomorrow, PXP Financial’s innovative payment platform will support your business growth with all the payment services you will ever need from one source, wherever your business takes you.