![]() ![]() EMV authenticates the credit or debit card at the point of sale by reading a chip embedded on the card and validating the cardholder with their signature.When ready to be re-used, the token must generally be passed to the tokenization provider, where the original cardholder data is retrieved, decrypted, and utilized. Tokenization is the technology where secure card data storage is centralized and a different value is used to represent the original cardholder data. Tokenization enables merchants and enterprises to safely “store” cardholder data at rest for use in future transactions.By using strong encryption, device management practices, and key management, P2PE is effective at addressing the risk of card data compromise for card data in transit out of the merchant network as it is transmitted to the gateway or acquirer for decryption and processing. The role of P2PE is to immediately and fully encrypt all cardholder data within the payment terminal so it does not enter the POS as clear-text card data. PCI-validated P2PE protects data in transit.Note: “ Only Council-listed P2PE solutions are recognized as having met the rigorous controls defined in the PCI P2PE Standard for the protection of payment card data, as well as meeting the requirements necessary for merchants to reduce the scope of their cardholder data environment (CDE) through use of a P2PE solution.” Our solution prevents clear-text cardholder data from being present in a merchant or enterprise’s system or network where it could be accessible in the event of a data breach. With Bluefin’s PCI-validated P2PE solution, we encrypt cardholder data at the POI in a PCI-Approved PTS device running P2PE validated software and decryption is done off-site in an approved Bluefin Hardware Security Module (HSM). In order for a P2PE solution to receive validation from PCI, the solution, the Solution Provider, and associated players in the overall P2PE solution must undergo assessment and audit by a P2PE Qualified Security Assessor (QSA), before being brought before the Council for approval. The data remains encrypted until it reaches the Solution Provider’s secure decryption environment. A PCI-validated P2PE solution is a combination of secure devices, applications, and processes that encrypt credit card data immediately upon swipe or dip in the payment terminal (also called the Point of Interaction, or POI).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |