Merchant Account P2PE Explained
What is P2PE?
P2PE (point-to-point encryption) is a security standard that requires credit card information to be encrypted instantly upon its initial swipe and then securely transferred directly to the payment processor before it can be decrypted and processed. The P2PE protocol ensures that the customer’s actual card number is not stored on any of a merchant’s devices, and it also renders the transaction data unusable to anyone who might intercept it in transit to the payment processor. The actual card number is encrypted using a complex algorithmic calculation, and the encryption and decryption keys are not available to the merchant. P2PE differs from end-to-end encryption in that it directly connects the merchant’s point-of-sale environment to the payment processing network with no third-party intermediaries.
P2PE is recommended by the PCI Council as a best practice for protecting consumer card data. In order to qualify for the PCI P2PE standard, a system must meet the following five criteria:
- Secure encryption of payment card data at the point-of-interaction (POI)
- P2PE-validated application(s) at the point-of-interaction
- Secure management of encryption and decryption devices
- Management of the decryption environment and all decrypted account data
- Use of secure encryption methodologies and cryptographic key operations, including key generation, distribution, loading/injection, administration and usage.
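The following is an added example, not part of the original page and not the PCI Council's or any solution provider's code. It models the data flow described above (encrypt at the point of interaction, pass only ciphertext through the merchant, decrypt only in the processor's decryption environment) to show two properties the text states: the merchant's own storage never contains the card number, and an envelope altered in transit is rejected rather than processed. The cipher is a constructed stdlib-only demonstration (HMAC-SHA256 as a counter-mode keystream plus an HMAC tag), not the per-transaction key scheme a real P2PE solution uses, and the key material and test card number are constructed for the example.

```python
"""Simplified P2PE trust-boundary model (added example; not the PCI P2PE scheme)."""
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from HMAC-SHA256. Demo construction only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class PoiDevice:
    """Point-of-interaction terminal. Keys are injected at key loading by the
    solution provider; the merchant is never given them."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self._enc_key = enc_key
        self._mac_key = mac_key

    def swipe(self, pan: str) -> dict:
        """Encrypt the PAN immediately; return only ciphertext plus a masked PAN for receipts."""
        nonce = secrets.token_bytes(12)
        plaintext = pan.encode()
        ct = _xor(plaintext, _keystream(self._enc_key, nonce, len(plaintext)))
        tag = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex(),
                "masked": "*" * (len(pan) - 4) + pan[-4:]}


class MerchantSystem:
    """Merchant POS / back office: handles and stores only the encrypted envelope."""

    def __init__(self):
        self.records = []

    def record(self, envelope: dict) -> dict:
        self.records.append(envelope)
        return envelope

    def contains_pan(self, pan: str) -> bool:
        """True if the full card number appears anywhere in merchant-held data."""
        return pan in repr(self.records)


class DecryptionEnvironment:
    """Processor-side decryption environment; the only party holding the keys."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self._enc_key = enc_key
        self._mac_key = mac_key

    def decrypt(self, envelope: dict) -> str:
        nonce, ct = bytes.fromhex(envelope["nonce"]), bytes.fromhex(envelope["ct"])
        expected = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, bytes.fromhex(envelope["tag"])):
            raise ValueError("integrity check failed: envelope modified in transit")
        return _xor(ct, _keystream(self._enc_key, nonce, len(ct))).decode()


def run_transaction(pan: str, tamper: bool = False) -> dict:
    """Run one swipe through POI -> merchant -> processor; optionally corrupt it in transit."""
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    poi = PoiDevice(enc_key, mac_key)
    merchant = MerchantSystem()
    processor = DecryptionEnvironment(enc_key, mac_key)

    envelope = merchant.record(poi.swipe(pan))
    in_transit = dict(envelope)
    if tamper:  # an interceptor flips one ciphertext bit on the way to the processor
        ct = bytearray(bytes.fromhex(in_transit["ct"]))
        ct[0] ^= 0x01
        in_transit["ct"] = bytes(ct).hex()

    try:
        recovered, accepted = processor.decrypt(in_transit), True
    except ValueError:
        recovered, accepted = None, False
    return {"merchant_has_pan": merchant.contains_pan(pan), "masked": envelope["masked"],
            "accepted": accepted, "recovered": recovered}


if __name__ == "__main__":
    print(run_transaction("4111111111111111"))               # constructed test PAN
    print(run_transaction("4111111111111111", tamper=True))  # rejected, PAN not recovered
```

The useful check for a merchant assessing scope is `MerchantSystem.contains_pan`: with the keys held only by the decryption environment, nothing the merchant stores or logs can yield the card number, which is the property that takes the POS environment out of most PCI DSS controls.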
P2PE is offered by a growing number of merchant account providers and is typically a built-in component of these providers’ hardware and software solutions.