The Conexxus P2P Specification guides petroleum convenience retailers and their associated vendors when implementing point-to-point encryption technology in conformance with ANSI X9.119-Part 1. This part of X9.119 defines minimum security requirements when employing encryption methods to protect sensitive payment card data. “Protection”, in this case, refers to maintaining the secrecy of the data from unauthorized disclosure. It applies to protection of the data from the point of encryption to the point of decryption, wherever those points may be in a given system. The Conexxus Specification takes into account the need to support current business processes commonly found in the petroleum convenience industry for accepting a wide variety of cards, including proprietary cards, payment cards, fleet cards, local cards, loyalty cards, gift cards, and access cards. It uses encryption to maintain the security of sensitive cardholder data, allows exposure of data necessary to fully process unique petroleum transactions, and minimizes the PCI DSS requirements through the use of a hardware Secure Cryptographic Device (SCD) which can be stand-alone or co-located in site system equipment. The Specification provides:
- Guidance for implementing “encryption at swipe”, focusing on the ability to complete specialty card transactions, with the introduction of a SCD.
- Guidance and options for including the SCD in the site architecture.
- Messaging between the POS/EPS/OSP & the SCD.
- Guidance for development of an SCD using tables and indicator values to provide highly flexible business logic.
- Messaging for maintenance of the table information.