What is Point-To-Point Encryption (P2PE)?

Point-To-Point Encryption (P2PE) is an encryption standard established to provide a robust security solution for electronic financial transactions.

BREAKING DOWN Point-To-Point Encryption (P2PE)

Point-To-Point Encryption (P2PE) is an encryption standard established by the PCI Security Standards Council and designed to provide a robust security solution for electronic financial transactions. Under P2PE, transaction data is encrypted using the PCI standard from the time customer data is captured at the point of sale until it is transmitted to the payment processor, which decrypts the data and approves the transaction.

P2PE encryption provides increased security to electronic financial transactions. With this robust encryption in place, both merchants and consumers are at decreased risk of exposing personal and financial data during a transaction.

The encrypted data is indecipherable to third parties, so even in the event of a data breach the data is useless to any party without the encryption keys. Encryption keys are never made available to the retailer. While there are many solutions available to protect customer data and transaction data, including tokenization and EMV authentication for chip-card transactions, P2PE is rated highly by industry stakeholders because it is administered via the PCI Security Standards Council.

P2PE providers offer third-party hardware and software encryption solutions and include acquirers, payment gateways and card processors. P2PE providers are required to provide reliable, instantaneous service in electronic transactions in order to maintain P2PE certification.

P2PE and the PCI Security Standards Council

While there are other forms of encryption available on the market to secure transmissions of electronic information, only P2PE solution providers meet the standards set by the PCI Security Standards Council.

To meet PCI standards, a P2PE solution must meet the following requirements:

  • Secure encryption of payment card data at the point of interaction
  • P2PE-validated applications at the point of interaction
  • Secure management of encryption and decryption devices
  • Management of the decryption environment and all decrypted account data
  • Use of secure encryption methodologies and cryptographic key operations, including key generation, distribution, loading/injection, administration and usage

The PCI Security Standards Council is a global forum for the financial transaction industry established to develop and enhance security standards in financial transactions. The PCI Security Standards Council was founded by five payment brands (American Express, Discover Financial Services, JCB International, MasterCard and Visa) to establish and deploy the PCI Data Security Standard. While the Council is governed by the five founding members as well as Strategic Members, enforcement of compliance with the standards, as well as determination of penalties for non-compliance, is the responsibility of the individual payment brands rather than the Council.