Point To Point Encryption (P2PE)

What is P2PE?

Point to point encryption (P2PE) provides the most secure and effective solution to protect sensitive cardholder data in combination with EMV and Tokenization, while potentially reducing the cost and scope of PCI DSS and PA-DSS. Encrypted cardholder data has no value if stolen, as only NMI can decrypt the data. Our PCI P2PE solution (for the time being, it’s listed under Creditcall) means developers, ISVs and VARs have a powerful tool that helps protect their merchants from breaches.

How does P2PE work?

P2PE ensures no actual cardholder data is exposed at any time during a transaction. It does this by encrypting the data inside the card reader or payment device, making it useless and void of any value if a skimming attack is attempted. Using the payment industry standard encryption algorithm, DUKPT (Derived Unique Key Per Transaction), a key is injected securely into each card reader or payment device when it’s manufactured and is used to encrypt every single transaction. Each transaction remains encrypted until received by NMI, where we then pass on the decrypted information via our secure payment gateway to the bank or processor for authorization

  1. At the point of card acceptance, i.e. within the card reader or payment device, the card data is securely encrypted.
  2. It can then be passed freely over standard public networks to the payment gateway and processor.
  3. Once within the secure data zone of NMI’s PCI DSS certified payment gateway, it is decrypted and passed to the bank processor for authorisation.

P2PE Benefits

  • Easy integration through the use of our ChipDNA SDK
  • Reduce scope, complexity and compliance cost of PCI DSS
  • Simplified PA-DSS for equipment manufacturers
  • Mitigate the risk of cardholder data fraud
  • Reduce financial liability
  • Reduce software development cost
  • Increased cardholder data protection
  • Simplified payment processing architecture

P2PE vs. PCI P2PE

Only PCI validated and listed P2PE solutions, such as ChipDNA, can reduce the scope of the cardholder data environment, which helps simplify compliance efforts for merchants with PCI DSS.

Implementation

NMI’s ChipDNA PCI P2PE certification covers multiple EMV chip card payment devices often used in retail and hospitality, as well as self-service applications commonly seen in parking, vending or transportation environments.

P2PE can help protect you from:

  • Loss of cardholder data in the event of a breach
  • Brand and reputation damage
  • Loss of revenues
  • Payment brand penalties
  • PCI fines

P2PE Partners

This omni-channel device support is made possible through close collaboration between NMI and the manufacturers’ distribution partners Hemisphere West Europe, Secure Retail, Westcoast and POS Data.