In 2014, alone, there were 783 recorded data breaches involving more than 80 million consumer records. Large and small corporations, alike, fell victim to fraudsters who infiltrated merchant systems and stole clear-text cardholder data. PCI-validated point-to-point encryption (P2PE) solutions encrypt cardholder data at the Point of Interaction (POI) in a PCI-approved P2PE device, and decryption is done off-site in an approved facility. PCI-validated P2PE solutions prevent clear-text cardholder data from being present in a merchant or enterprise’s system or network where it could be accessible in the event of a data breach. For POS systems compromised by memory-scraping or other malware, the cardholder data is rendered useless to the attacker. All PCI-validated P2PE solution providers must abide by strict controls to protect encryption keys. Device key injection is done directly at a certified Key Injection Facility (KIF), and decryption only occurs in a PCI-compliant environment.
Download a PDF of the presentation: