Point-to-Point Encryption (P2PE) technology makes data unreadable so it has no value to criminals even if stolen in a breach. Merchants can take advantage of this technology with a PCI P2PE solution, a combination of secure devices, applications, and processes that encrypt payment card data from the point where a merchant accepts the payment card to the secure point of decryption.
PCI P2PE Solutions are validated by a specially-trained P2PE QSA as meeting the rigorous security requirements of the PCI P2PE Standard and are listed on the PCI Security Standards Council (PCI SSC) website. These solutions can greatly simplify merchant efforts to comply with the PCI Data Security Standard (PCI DSS), by reducing where and how PCI DSS requirements apply. Worldpay’s omni-channel payments solution Worldpay Total P2PE is now listed on the PCI SSC website as a PCI P2PE Solution. In this blog post, we talk with Tracey Long, Senior Payment Data Security Manager, on the benefits of PCI P2PE Solutions to merchants and in addressing growing fraud. Worldpay is a member of the PCI SSC Board of Advisors.
Congratulations on Worldpay’s successful PCI P2PE validation and solution listing! Can you tell us briefly what role Worldpay plays in the payment process?
Tracey Long: Worldpay is a global payments company. We provide gateway and acquiring services for over 400,000 customers worldwide, allowing them to accept a wide range of payment types around the world. Using our network and technology, we are able to process payments across 146 countries and 126 currencies and help our customers to accept more than 300 different payment types.
In the UK we have a 42% market share enabling businesses of all sizes sell more to their customers by accepting card payments in-store, online, via mail or telephone, and on the move.
How does a PCI P2PE Solution benefit your merchant customers?
Tracey Long: Gaining the latest PCI P2PE Version 2 certification for our omni-channel Worldpay Total P2PE solution, building on our existing Worldpay Total proposition, has been a big area of focus for the business. We’re now uniquely positioned to offer our UK customers a single, scalable solution to handle payments processing and reduce the complexity of becoming PCI DSS compliant.
Too often we see the ever increasing complexity of compliance on financial and operational resources of retailers. By being able to provide a validated and listed PCI P2PE Solution to our customers, they will be able to devalue cardholder data in the face-to-face environment and reduce the number of PCI DSS requirements.
By deploying P2PE in their cardholder data environment, these retailers are implementing better security protocols, which in turn will make compliance easier to achieve and maintain – and is also reassuring for their own customers at the end of the day.
Are you seeing more interest in P2PE from merchants in the UK?
Tracey Long: Absolutely. P2PE is now a regular topic of discussion between Worldpay and our customers – there is now much more awareness of the benefits of P2PE than there was two to three years ago, but there’s always still work to be done.
Security is at the heart of everything that Worldpay does and we’re in the privileged position to be able to guide our customers through what can be a complex subject. As such, we have invested a lot of time working with our customers to ensure that we offer them the benefit of our expertise in these technologies; through being part of the PCI SSC Board of Advisors, merchant seminars, regular meetings and our quarterly newsletter.
How do you see P2PE playing a role in combatting increasing fraud in the UK?
Tracey Long: Fraud is an ever present threat within the payments industry. Behind every card is a person, the consumer, and that customer expects their card data to be protected. While there is value in the card payment data held by merchants, fraud will continue to increase, and cardholder data will continue to be stolen and sold for the purposes of funding crime. By adopting a validated PCI P2PE Solution, the data is devalued to the fraudster, as it is encrypted from the card terminal to the point of decryption at the payment processor, meaning that it cannot be intercepted and used fraudulently. PCI P2PE is a fantastic way of making the cardholder data valueless.
Worldpay is committed to promoting technologies that afford a more robust security landscape for our customers, one where cardholder data is encrypted and devalued to criminals.