As mentioned below, there are a couple of ways to prevent data breaches once the card numbers get to your point-of-sale software. The one hole that we haven't yet addressed is how to protect it before it gets to your software.
Point-to-Point Encryption (P2PE), also called End-to-End Encryption (E2EE), is the solution for that problem. With this technology, the payment terminal is no longer an independent device that exchanges data with the POS software. Instead, it is controlled by the POS software and/or credit card gateway, which allows it to encrypt the card number at the payment terminal and then maintain that encryption all the way through. Ideally, this encryption will be implemented for card data scanned through the credit card reader, as well as for card numbers manually entered through the payment terminal keypad.
The beauty of this technology is that it eliminates the potential for malware to grab credit card data between the time it is scanned or entered, and the time it reaches the POS software. In fact, it is so effective that it has the potential to actually reduce a merchant's scope for PCI compliance!
Next week, I'll go over how all of these technologies fit together and offer some advice on what to do with all of this information.
--Lynda
Point-to-Point Encryption (P2PE), also called End-to-End Encryption (E2EE), is the solution for that problem. With this technology, the payment terminal is no longer an independent device that exchanges data with the POS software. Instead, it is controlled by the POS software and/or credit card gateway, which allows it to encrypt the card number at the payment terminal and then maintain that encryption all the way through. Ideally, this encryption will be implemented for card data scanned through the credit card reader, as well as for card numbers manually entered through the payment terminal keypad.
The beauty of this technology is that it eliminates the potential for malware to grab credit card data between the time it is scanned or entered, and the time it reaches the POS software. In fact, it is so effective that it has the potential to actually reduce a merchant's scope for PCI compliance!
Next week, I'll go over how all of these technologies fit together and offer some advice on what to do with all of this information.
--Lynda