Earlier this month, the Payment Card Industry Council (“PCI”) unveiled the first set of point-to-point encryption (“P2PE”) standards designed for providers of P2PE hardware-based encryption and decryption solutions.  P2PE providers develop for merchants point-of-sale hardware such as payment card readers and electronic cash registers that completely encrypt payment card data from the point the card is swiped at the point of sale to the point when the payment card data is transmitted to the merchant’s payment card processor.  P2PE hardware appeals to merchants because the hardware minimizes the extent to which merchants must store and transmit unencrypted cardholder data.  The PCI P2PE standards provide requirements that are intended to standardize and enhance P2PE hardware solutions. 

For merchants, the P2PE standards have the potential to reduce the scope of compliance and self-assessments under PCI-DSS, which governs merchants’ data security practices for cardholder information from credit cards and similar payment mechanisms.  Merchants that use a PCI-validated P2PE hardware solution will have less of a compliance burden vis-à-vis PCI requirements pertaining to the encryption of sensitive cardholder information.  Merchants will remain responsible for complying with PCI requirements governing the education of employees handling account data, security policies, third-party relationships, and physical security of media.  PCI intends to release a list of PCI-validated P2PE hardware solutions in the spring of 2012. 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Mike Nonaka Mike Nonaka

Michael Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, fintech companies, and commercial companies on a broad range of compliance, enforcement, transactional, and legislative matters.

He specializes in providing advice relating to federal and state licensing and…

Michael Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, fintech companies, and commercial companies on a broad range of compliance, enforcement, transactional, and legislative matters.

He specializes in providing advice relating to federal and state licensing and applications matters for banks and other financial institutions, the development of partnerships and platforms to provide innovative financial products and services, and a broad range of compliance areas such as anti-money laundering, financial privacy, cybersecurity, and consumer protection. He also works closely with banks and their directors and senior leadership teams on sensitive supervisory and strategic matters.

Mike plays an active role in the firm’s Fintech Initiative and works with a number of banks, lending companies, money transmitters, payments firms, technology companies, and service providers on innovative technologies such as bitcoin and other cryptocurrencies, blockchain, big data, cloud computing, same day payments, and online lending. He has assisted numerous banks and fintech companies with the launch of innovative deposit and loan products, technology services, and cryptocurrency-related products and services.

Mike has advised a number of clients on compliance with TILA, ECOA, TISA, HMDA, FCRA, EFTA, GLBA, FDCPA, CRA, BSA, USA PATRIOT Act, FTC Act, Reg. K, Reg. O, Reg. W, Reg. Y, state money transmitter laws, state licensed lender laws, state unclaimed property laws, state prepaid access laws, and other federal and state laws and regulations.