As the number of reported security breaches continues to rise, many individuals and businesses are asking what can be done to further defend against cyber crime. One approach that has drawn much attention lately is encryption. By encoding messages so that only authorized parties can read it, information is kept more secure.
Google, Yahoo, and other major internet players are coordinating efforts to provide their users full encryption of information accessed and sent. In addition, businesses are pursuing an extra layer of security by requiring payment card data to be encrypted at the point of interaction, an approach known as Point-to-Point Encryption, or P2PE.
In P2PE, cardholder data is encrypted as it travels through the transaction process, from the POS to the processor/acquirer. The business has no ability at all to decrypt this cardholder data.
Contrast this scenario to the business that has no P2PE in place. Without P2PE, cardholder data is not encrypted at the POS, and the business has access to this data throughout the transaction process.
In an effort to increase security, reduce risk, and limit liability, many businesses are pursuing P2PE. In fact, many of our clients have requested P2PE validation in addition to their annual PCI audits. As a result, Dara Security has earned the P2PE certification and is pleased to offer P2PE validation.