Securing Stored Cardholder Data — Another Layer To The EMV Puzzle

By Jeremy Gumbley, CTO of Creditcall

By Jeremy Gumbley, CTO of Creditcall

While recent data breaches in the U.S. have put the spotlight on EMV transactions and the how the U.S. is behind the rest of the world in payments security, there is a “second tier” of security that can be taken on top of implementing EMV. EMV is a viable and necessary weapon in the battle to protect consumers’ data — but there are other layers of security that can further protect consumers’ card information that should serve to mitigate the fallout from future breaches.

In this article, I have outlined two examples of the most viable security solutions that can be paired with EMV to create even more secure merchant environments to make future customer data breaches less desirable for hackers.

P2PE Or Point-To-Point Encryption

With P2PE, cardholder data is secured via encryption when the card is inserted and can only be decrypted by the bank, processor, or payment gateway. This means that sensitive data can be transmitted or even stored by the merchant without worrying about protecting it.

The PCI Point-to-Point Encryption (P2PE) Standard ensures that a solution meet the requirements for card data protection. PCI P2PE also de-scopes the merchant from some of the problematic areas of PCI DSS making it a win-win for the merchant and the industry.

As security has many layers, P2PE offers a responsible solution to the problem of cardholder data security, showing that the merchant has done as much as it can to protect their consumers. Implementing both EMV and P2PE offers the most secure transaction environment possible that is currently available. Fortunately most EMV-capable PIN pads incorporate a P2PE scheme.

Please log in or register below to read the full article.