Payment security lingo: What's point-to-point encryption?


July 11, 2019

Data breaches continue to generate unfortunate headlines. That attention is understandable because data breaches provide the raw fuel for fraud. Data containing sensitive credit card and other personal information is especially prized by criminals.

Managing a modern business means wearing many hats. You don’t need to become an expert in payment security to keep your business safe. But there are clear benefits to being a more informed consumer of payment services.

If you own or operate a business that accepts credit cards you should be familiar with a few key terms. One of these is point-to-point encryption. Point-to-point encryption helps protect sensitive payment data from theft.

How does point-to-point encryption work to make payments safer?

Through a combination of secure devices, applications, and processes, businesses can encrypt data directly from the point of interaction to the point-to-point encryption solution provider’s secure decryption environment.

Every credit or debit card transactions initiates a sequence of data communications: checking if the cardholder has sufficient funds to complete the transaction, sending approval or denial messages back to the merchant, etc. Point-to-point encryption protects credit card data “in flight” as it passes between parties to help prevent it from being compromised.

A point-to-point encryption solution is comprised of hardware, software and, most importantly, people.

  • Hardware: A point of interaction (POI) [known as point of sale (POS) in UK]  refers to the payment acceptance hardware used to capture card information, such as a magnetic stripe or EMV chip [ known as chip and PIN in UK] card reader. All applications on the POI [POS] device must also be compliant with point-to-point encryption standards.
  • Software solutions contain encryption, application, decryption and key management environments, configuration, design and other components. Point-to-point encryption software solutions can be Listed or Non-Listed according to the Payment Card Industry (PCI) Security Standards Council.
  • People: A third-party payment processor, payment gateway provider, acquirer or other third that creates and implements solutions to protect customer data and reduce your risk of a data breach.

With point-to-point encryption, merchants eliminate cardholder data from ever entering the point of sale environment. Point-to-point encryption significantly increases data security by protecting cardholder data in transit and at rest.

Point-to-point encryption drastically simplifies PCI compliance

Any entity that accepts, transmits or stores cardholder data must be in compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS includes requirements for security policies, procedures, management, software design, network architecture and other protective measures.

Point-to-point encryption can help reduce the scope of your PCI compliance, saving your business time and money. Merchants using a PCI point-to-point encryption (P2PE) solution are subject to fewer PCI DSS requirements. The most recent mandates (as of May, 2019) are outlined in PCI DSS 3.2.1.

Building a safer future for commerce

Comprehensive payment security solutions that include encryption can help your business avoid negative fallout from data breaches including fines, fees, and reputational damage. Look for solutions that monitor transactions in real time. When looking for a payments partner, ask for proof points that ensure encryption was implemented correctly, and for tools to address suspicious activity quickly.

Protecting card data is essential to keeping your business safe. Worldpay’s point-to-point encryption solutions encrypt card data at the point of sale, keeping it safe in transit and decrypting it securely at military-grade data facilities. That means your business faces less risk, offering peace of mind knowing that card data never touches your environment.

Worldpay protects your business with secure transactions that minimize fraud and reduce risk—every way your customers want to pay. Connect with a payment security expert to learn more about how payment security technologies like encryption and tokenization can keep your business safe from data breaches and fraud.


Protect your revenue with Point-to-Point encryption

Find out more about what you need to consider before you choose a Point-to-Point encryption solution.