Earlier this month, the Payment Card Industry Council (“PCI”) unveiled the first set of point-to-point encryption (“P2PE”) standards designed for providers of P2PE hardware-based encryption and decryption solutions.  P2PE providers develop point-of-sale hardware for merchants, such as payment card readers and electronic cash registers, that completely encrypts payment card data from the point the card is swiped at the point of sale to the point when the data is transmitted to the merchant’s payment card processor.  P2PE hardware appeals to merchants because it minimizes the extent to which merchants must store and transmit unencrypted cardholder data.  The PCI P2PE standards provide requirements that are intended to standardize and enhance P2PE hardware solutions.

For merchants, the P2PE standards have the potential to reduce the scope of compliance and self-assessments under PCI-DSS, which governs merchants’ data security practices for cardholder information from credit cards and similar payment mechanisms.  Merchants that use a PCI-validated P2PE hardware solution will have less of a compliance burden vis-à-vis PCI requirements pertaining to the encryption of sensitive cardholder information.  Merchants will remain responsible for complying with PCI requirements governing the education of employees handling account data, security policies, third-party relationships, and physical security of media.  PCI intends to release a list of PCI-validated P2PE hardware solutions in the spring of 2012. 

Mike Nonaka

Michael Nonaka is a partner in the firm’s Financial Institutions practice group. He represents banks and other financial institutions on a wide variety of bank regulatory, enforcement, legislative and policy issues.  Mr. Nonaka also is co-chair of the firm’s Fintech Initiative and works with a number of banks, lending companies, money transmitters, payments firms, technology companies, and service providers on innovative technologies such as big data, blockchain and related technologies, bitcoin and other virtual currencies, same day payments, and online lending.