For years now, the Payment Card Industry Security Standards Council (PCI SSC) has been the driving force behind the definition, articulation, and enforcement of security requirements for the payments industry. The PCI SSC has developed several standards, including the PCI Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.
The same organization also defined PCI Point-to-Point Encryption (P2PE) standards. Through these standards, the PCI SSC details how providers of P2PE solutions can validate their solutions, and how, by leveraging these validated solutions, merchants can reduce the scope of their PCI DSS assessments.
Larger merchants may have hundreds or thousands of stores, which will mean there are thousands of point-of-sale (POS) systems and PIN entry devices (PEDs) that will be in scope and must be brought into compliance. Achieving and maintaining compliance is a complex, time consuming and costly process.
Simply by deploying a P2PE-compliant PED devices, merchants can effectively remove their stores from the scope of PCI DSS compliance. Consequently, for the vendors that serve the merchant community, delivering P2PE-compliant offerings to market can present a massive opportunity.
The P2PE standard includes a number of requirements relating to the use of Hardware Security Modules (HSM) for encryption, decryption, and key management. Only a small number of vendors have the ability to offer P2PE-compliant solutions, and the SafeNet Payment HSM has played a key role in helping these vendors bringing their P2PE solutions to market.
"In developing the Solve DataShield offering, it was vital that we effectively comply with all the relevant PCI P2PE standards, including robust key management policies. Gemalto SafeNet Luna EFT HSMs delivered all the security capabilities that were required, while providing a platform that we could deploy quickly and manage efficiently."
- Nick Stacey, Dir. of Business & Market Operations at The Logic Group