Point-to-point encryption (P2PE) protects cardholder data from cybercriminals by encrypting data from the point where a merchant accepts the payment card to the secure point of decryption.
We sit down with Rush Taggart, CSO of PCI P2PE Solution CardConnect, to discuss the importance of P2PE in protecting cardholder data.
Why is it important for merchants to consider implementing a P2PE solution?
Rush Taggart: In today’s world, data breaches have become commonplace. Companies and institutions should create an impact reduction plan based on the assumption that they will be breached. The implementation of a PCI P2PE solution is the best option if a merchant wants to protect their payment transaction information. It’s a solution that can reduce the validation effort for a merchant’s PCI DSS assessment because it’s an added layer of security in which, from the moment a credit card is swiped or dipped, the information processed is encrypted, protecting it up to the point of decryption in the solution provider’s secure decryption environment. Processing card-present transactions without P2PE makes businesses and institutions far too vulnerable to malware and other threats, and it’s just a matter of time before a system is breached and data is stolen for fraudulent activity.
What made CardConnect decide to go through the rigorous validation process?
Rush Taggart: For us, there was no other way. We knew if we were going to provide a solution that protects payment transactions, it better be validated by P2PE assessors trained and qualified by the very Council that writes the standards that are there to protect our payments ecosystem. It’s our priority to provide solutions that our clients and merchants can trust. Having a P2PE solution that’s validated by a P2PE assessor and listed by the PCI SSC allows us to maintain that trust. It may be a rigorous process, but it’s absolutely necessary and worth the effort.
How do you benefit from your CardSecure P2PE solution being listed on the PCI website?
Rush Taggart: The inclusion of our P2PE solution on the PCI website is a testament to the credibility of our payment security solutions. It gives us the opportunity to show merchants that implementing a solution that’s listed by the PCI SSC can not only provide an added level of protection to their businesses, but also limit the amount of time and money spent to meet applicable PCI DSS requirements.
Is your solution suited to specific industries, such as education?
Rush Taggart: Our P2PE solution is impactful across a multitude of industries, but I do want to highlight a case study PCI SSC recently published, which shares the story of our work with Northwestern University. They’ve implemented our P2PE solution throughout their sales channels for in-person transactions and mail-in or phone orders, and it has streamlined and better secured their entire payments ecosystem. In addition to protecting the information of its students, faculty, staff and visitors, the University was also looking to simplify their efforts to meet PCI DSS requirements, and the addition of our P2PE within their system did just that. You can check out the case study in the documents section of the PCI SSC website.
How can merchants justify costs to their management?
Rush Taggart: PCI SSC has provided a set of standards that are in place to protect businesses, institutions and their constituents from data breaches and fraud, and if they aren’t taken seriously, the consequences can be costly. The average cost of major data breaches these days for some companies has reached $4 million. Implementing the right security solutions, like P2PE, can prevent the devastating impact of a breached system that’s unprotected.
About Rush Taggart
Rush Taggart serves as Chief Security Officer of CardConnect, a payment processing and technology solutions provider.