PXP Financial Blog | PXP Financial

Reducing data security liability

Written by Lisa Middleton | July 5, 2019 at 11:30 AM

Accepting card payments is a necessary part of running a retail business. But storing, processing and transmitting card data comes with risks. Our hosted point-to-point encryption (P2PE) and tokenisation services help you take card payments without taking card data, thereby reducing your liability and PCI DSS scope.

Point-to-Point Encryption (P2PE)

The majority of card data security breaches involve malware that harvests the card data from the memory of point-of-sale (POS) applications. Encrypting data from the moment it enters your systems means you never see sensitive cardholder data in the clear. This helps reduce your risk in the event of a breach, the associated costs (e.g. lost revenue, damage to brand, reputation, trust), plus your PCI DSS scope.

PXP offers P2PE to customers as a managed service, either as an application or as a full solution. Both have been tested by trained P2PE assessors against the PCI DSS standard.

P2PE application

This is software focused on the POS device and connection out to PXP.

Providing there is no other interaction with the card or PIN entry device, data is scrambled the moment it enters your system. You can be assured that you are not seeing such data in the clear on your systems.

As it is a software application, the P2PE application cannot tell if PIN entry devices have been tampered with prior to installation. Nor does it guarantee that card data is not being captured elsewhere in your system, or minimise the time a compromised device remains in operation.

P2PE solution

This is a full end-to-end service and includes business processes for securing your terminal estate. It includes provisions around terminal deployment, security, maintenance and storage (sometimes known as ‘chain of custody’).

You can be assured that the PIN entry device has not been tampered with prior to installation, and that it has been installed securely by a trained engineer. However, the operational overhead around time, cost and expertise is higher for the P2PE solution compared with the P2PE application.

Tokenisation

Tokenisation replaces sensitive card data with a token, which can be used across various front-end and back-end systems instead of the real card data. This simplifies compliance with data security requirements, and also delivers operational, cost and marketing efficiencies.

Historically you may have stored card data to perform certain tasks, such as matching refunds with sales, making reservations, or releasing pre-booked tickets for collection. You can still perform all these operations using tokenised data instead. Our system is compatible with any front-end business application interfacing with PXP’s API.

Creating tokens does not significantly impact processing time. So, there is minimal impact on speed of service at busy times, queue lengths or sales conversion.

Our tokenisation service is also available retrospectively. If you have card details stored, we can tokenise them without completing a transaction, which keeps your back-end consistent and enables you to deliver a consistent experience to customers.

As well as being backwards compatible, tokenisation also helps set your business up for an omni-channel future. Our tokenisation works across sales channels, geographies and sub-brands within your group. This helps minimise project scope and costs when expanding cross-channel or cross-border.
