Logo

Next Event:

RSPA - Retail Now 2014
August 4-6, 2014

Phone Mail Favorite

P2PE White Paper


Point-to-Point Encryption (MPPE) is a protocol for encrypting data across Point-to-Point Protocol (PPP) and virtual private network (VPN) links. It uses the RSA RC4 encryption algorithm. MPPE supports 40-bit, 56-bit and 128-bit session keys, which are changed frequently to improve security. The exact frequency that the keys are changed is negotiated, but may be as frequent as every packet.

Point-to-Point Encryption

The Challenge

Every retailer and company that accepts credit and debit card payments today runs the risk of being targeted by cybercriminals for the purpose of stealing customer's payment card data. In addition to robbing companies of their customers' trust, every compromised record can expose these businesses to fines from bank regulators and the card associations. Even companies that have recently been certified as being PCI compliant are still being breached at an alarming rate. The challenge is finding an easy to implement solution that improves security at every transactional stage and remains cost-effective for the business.

The Solution

Point-to-point encryption (P2PE), also referred to as end-to-end encryption (E2EE), ensures sensitive credit card data is protected while in transit from first card swipe (or other point of interaction) to the point of decryption at the payment processing host. Vulnerable data is protected by state-of-the-art tokenization that removes the need to store card data and replaces it with a randomly generated number called a token. The token can be used for many business processes such as returns, chargebacks, recurring payments, sales reports, analytics or marketing programs, but cannot be used to conduct a fraudulent transaction outside your systems.

PCI audit companies have determined that a well-architected, properly deployed P2PE solution can virtually eliminate the current risk of credit card data compromise for a retail environment and provide a clear and dramatic reduction of PCI compliance scope that will, in turn, reduce the cost of PCI compliance assessment and validation.

PCI Compliancy and Scope Reduction

The Payment Card Industry has developed the PCI Data Security Standard (PCI DSS) to mitigate the risk of compromise to customers' payment card data. The standard is applicable only to the system components that are "within scope" of PCI. The PCI DSS is based on industry security best practices, but is not focused on the overall information security. To reduce PCI DSS compliance scope, merchants must reduce the potential security risk and access to payment card data.

The PCI Security Standards Council has incorporated scope reduction guidance within the PCI DSS framework and through guidance on specific technologies or architecture. Compliance scope reduction has commonly been addressed through the implementation of network segmentation where systems and environments that process, store, or transmit card data are "isolated" from other non-payment environments. Most of the DSS controls are designed to manage card data risk from specific threats. Therefore, it is possible to reduce the control scope by securing the card data in the merchant environment so that those threats are no longer a viable risk. By strongly encrypting card data at the point of interaction in a secure and restricted device, where the ability to decrypt the card data is removed, and by adhering to specific deployment scenarios, a large portion of the environment can be treated as "out-of-scope" similar to network segmentation.

The reduction of PCI compliance scope eliminates the cost of PCI control deployment for the purpose of compliance. It also reduces the cost and effort to validate PCI compliance of the merchant environment.

Summary

If you need to secure your customers' sensitive data from theft and help protect your business from financial penalties, damage to your reputation and customer loyalty then you should seriously consider implementing P2PE into your payment system. Not only does P2PE give your business one of the most secure PCI-DSS solutions on the market today but it will also reduce PCI cost be reducing your business' scope for PCI compliancy.

Contact Us

Mail

sales@mrsonline.ca

Phone

North America Toll-Free:
1-888-380-2677
Dial Extension 229 for Sales

Address

160 East Beaver Creek Rd
Unit #16
Richmond Hill, Ontatio, Canada
L4B 3L4

View Map

Testimonials

New York and Company (formerly Lerner New York) started the relationship with Dave Mears and Angelo Kalpakis at MRS in 1998.

Our first experience with MRS was to have them assist us in a code sync of the source code and executable modules to insure we had a valid platform to build upon. In addition, they assisted us with the Y2K validation and code changes.

The quick response from Dave Mears, and his professionalism in evaluating the environment, made it an easy decision to switch providers for our POS needs. Due to his and Angelo's commitment, the transition process went very smoothly.

Since 1998, New York and Company (Lerner New York), have implemented over 10 releases of POS software in more than 500 stores nationwide. With each upgrade, we have partnered with MRS to implement enhancements that allowed the business to streamline processes, add value and improve performance. All of these enhancements enable our store associates to minimize the turnaround time at the wrap desk, and concentrate on the customer.

Some of the enhancements have been: Implementation of Gift Receipts, Implementation of Gift Cards, Replenishment of back stock to the sales floor, Improvements to the Credit Card authorization turnaround (multithreading via dial up) and Performance improvements to the closing process.

Dave and Angelo continue to be extremely responsive to our POS software requests, and have managed to help us achieve several goals we originally thought impossible, given the age of our hardware, as well as our outdated operating systems. We receive constant support on issues, as well as an experienced perspective for fixes and enhancements. All these things combined have allowed us to stretch the life of our hardware by enabling us to implement much needed improvements in our stores.

Thanks for all the support!

Copyright 2014 Millenium Retail Solutions, Inc, All Rights Reserved.