How Encryption can be Used to Reduce PCI Scope
Every payment environment faces the risk of breach, thanks to the sophisticated methods criminals have found to steal data. Point-of-Sale environments have gained a lot of attention in recent years, as one of the most vulnerable areas exploited by cyber attacks and vicious malware. This attention continues to grow with the emergence of EMV (Euro MasterCard Visa) chip and pin credit cards, advanced tokenization and encryption. Deploying these options in a POS environment can significantly increase the security of card-present transactions and benefit any business aiming to reduce PCI Scope.
EMV + P2PE = Secure Card Data
It's important to invest in reader devices that support EMV card transactions because EMV cards will be carried by a large portion of consumers in the foreseeable future. The alternative options of processing these payments are discouraged by the Liability Shift that will take hold in October of this year. The EMV Liability Shift transfers the financial responsibilities of card fraud to the merchant if the transaction is processed on a non-EMV equipped device. The good news is that investing in new EMV hardware is also an investment in securing your payment environment because most reader devices with EMV also offer advanced encryption and tokenization. Encrypted reader devices will essentially cloak credit card #'s at first "swipe", all the way through the duration of the transaction. This process is also referred to as P2PE, an acronym for Point To Point Encryption. Any hacker that gains access to a network with P2PE protection will not retrieve any usable data. A compelling reason for merchants to switch and upgrade the hardware devices used for Point-of-Sale payment capture.
P2PE & PCI DSS Scope
PCI DSS Compliance can be expensive both financially and in the time and resources an organization must devote to this annual process. Neither EMV or P2PE are required for PCI Compliance, however they can be leveraged to significantly reduce the scope of a payment network. With P2PE, card data is encrypted at the earliest possible point and remains encrypted as it's delivered to the processor. PCI Scope includes any exposure of card data, so P2PE significantly reduces the size of the impacted payment network.
October 1st is only a few months away. If your organization wants to avoid the financial liability of credit card fraud, EMV hardware upgrades should be seriously considered. Make the most of your investment by choosing advanced technology that will cast a protective net over your payment environment and reduce PCI Scope.
iPayX offers ValutaPort, a combination of encrypted devices and tokenization services that cast a protective net around accepting card payments. ValutaPort supports EMV (Euro/MasterCard/Visa) to thwart identity theft and is coupled with card cloaking to complete the protection net.