The Challenge Of Point To Point Encryption

Are data security breaches making you restless? Point to point encryption is one of the most popular methods of thwarting credit card fraud. Credit card fraud costs the payment industry billions per year. Magnetic stripe card technology is still widely prevalent in the United States today. These methods cannot prevent fraud using lost or stolen cards. But, they prevent criminals from accessing the card data at the point of sale. Protecting data at the point of capture can have the greatest impact in terms of reducing the security breaches.

Addressing fraud

P2PE has proved to be the most logical route to address fraud. No doubt, they help meet the merchants’ security needs. Point to point encryption, better known as p2pe is sometimes referred to as e2ee.It encrypts card data from the entry point of a merchant’s point of sale device to a point of secure decryption outside the merchant’s environment. It transmits the data to a payment processor. The sole purpose of P2PE and E2EE is to address the risk of unauthorized and illegal interception associated with the card holder data in motion during the time of transmission from the POs terminal to the payment processor.

Protection of sensitive information

Encryption which is a means of concealing sensitive information has been utilized in various civilizations over the centuries. Credit card holders, merchants, processors, acquiring banks always tend to protect sensitive information and hence reduce credit card fraud combination of education programs, compliance mandates and hardened systems can work together in this direction to provide the best protection possible.

Encryption of the credit card data is a viable tool which would render the data useless in the event where fraudsters gain access to the information. Point to point encryption is the ideal state in which the credit card numbers and all the other sensitive information is encrypted right from the point of entry (card swipe) to the other end (the issuing bank).

Public key infrastructure

Encryption at the software level can be achieved using a public key infrastructure (PKI). But it does not provide the same level of encryption accomplished by the hardware in compliance with TRSM. It provides a tough layer of security for the payment applications. When there is no encryption available in the merchant’s card swipe wedge attached to a POS device, the software solution comes in handy. It provides the necessary added protection provided that a public key scheme is deployed. The major advantage of this solution is that the encryption occurs at a software level and thus there is no need to upgrade the physical hardware as long as the POS device is payment card industry (PCI) compliant.

Tamper Resistant Security Module

Encryption of the customers’ card data at the hardware level is done within a Tamper Resistant Security Module (TRSM), better known as Secure Reading and Exchange of Data module (SRED) within the POS device near the magnetic stripe read head. It provides a safe environment within the ATM or Payment Device. It is one of the most effective tools in card fraud management.

Should one encryption method be adopted over another? Point to point encryption solution provider has various responsibilities. Encryption and decryption devices should be validated. There has to be secure device management, encryption and decryption operations. The management of cryptographic keys and applications must be safe. There should be appropriate monitoring of controls.