Point-to-Point Encryption (P2PE)
What is P2PE?
Point-to-point encryption (P2PE) is the Payment Card Industry (PCI) standard for using cryptography to securely collect and exchange payment information from an in-person device or terminal. PCI-validated Point-To-Point Encryption (P2PE) drastically reduces your PCI scope for card present payments and unifies payment data across all channels and processors.
By using P2PE, payment information is unreadable until it reaches a secure decryption environment.
An in-person payment solution is not considered ‘P2PE’ unless it has been reviewed and validated by the PCI council. Solutions that are not PCI-validated certified are not considered P2PE and will incur additional PCI scope.
Key Benefits
*Must be on the PCI-approved PIN Transaction Security (PTS) devices list.
How it Works
Featured Resource
FAQ
A ‘PCI-validated’ P2PE solution, like the one offered by IXOPAY, has passed a rigorous evaluation from the PCI SSC to confirm that it meets the P2PE standard. This is important to ensure appropriate security for in-person payments and reduce PCI scope related to in-person payments.
IXOPAY uses AES encryption to provide modern, strong cryptography for payment transactions. However, our solution also supports TDEA (“Triple DEA”) encryption, which is common in existing hardware.
Yes, when you accept credit card information using the P2PE solution, you will receive a Universal Token that can be used across your different payment processors. This eliminates the burden of storing payment information in multiple systems and makes it easier to unify customer insights across your in-person and online channels.
Yes. Encryption helps secure payment data, but encryption alone does not reduce PCI scope. Using a solution that is not PCI-validated means that your in-person payment flows will be under increased scrutiny during your PCI audit. This will require significant effort from your team to build, document and audit processes to ensure that in-person payment data is handled appropriately.
A PCI-validated P2PE solution can remove your in-person payments from scope and reduce the number of PCI requirements you need to meet by up to 90%. This reduced scope translates to less time your team spends on preparing for audits and more time spent on other critical security initiatives.
The IXOPAY P2PE solution supports any payment device or terminal on the PCI-approved PIN Transaction Security (PTS) devices list. Please refer to this list of PCI-approved PTS devices.
We are currently in the process of gaining approval for PIN-based transactions for our P2PE solution. Please request a demo with us if you are interested in this feature so we can update you on the timing for approval.