PCI P2PE 2.0: What Does it Mean for Merchants and Processors?


In 2014 alone, there were 783 recorded data breaches involving more than 80 million consumer records. Large and small corporations alike fell victim to fraudsters who infiltrated merchant systems and stole clear-text cardholder data. PCI-validated point-to-point encryption (P2PE) solutions encrypt cardholder data at the Point of Interaction (POI) in a PCI-approved P2PE device, and decryption is done off-site in an approved facility. This keeps clear-text cardholder data out of the merchant's or enterprise's systems and network, where it could otherwise be exposed in a data breach. When a POS system is compromised by memory-scraping or other malware, the cardholder data it handles is already encrypted and therefore useless to the attacker. All PCI-validated P2PE solution providers must abide by strict controls to protect encryption keys. Device key injection is done directly at a certified Key Injection Facility (KIF), and decryption occurs only in a PCI-compliant environment.
