Point-to-point encryption technology encrypts card data from the payment terminal up to a point of secure decryption located within Ingenico data centers and thus outside of the merchant environment. With this solution in place the complete merchant’s infrastructure becomes “out of scope”, avoiding merchant to run complex and costly PCI DSS audits of their in-store networks, while meeting the highest level of security when processing card payments.
It is mandatory for merchants to use a PCI-P2PE listed solution, in order to benefit from the simplified and cost-reduced PCI DSS validation process. ‘By upgrading the P2PE assessment achieved in 2014 and by now aligning with the latest P2PE version 2 of the standard, Ingenico Group confirms its leading position on the market to provide state-of-the-art PCI DSS de-scoping solution to its merchants,’ explains Stéphane Jacquis, Managing Director, Omni-Channel Services at Ingenico Group.
P2PE version 2 is an evolution of the P2PE standard which significantly simplifies the deployment rules of P2PE activated devices for merchants, and brings more flexibility in the certification process for P2PE solution providers.
The scope of the current certification covers the service platform performing the decryption, the full range of terminals, including new Telium Tetra terminals and a complete portfolio of payment applications notably nexo-Fast application, and Remote Key Injection capabilities that can be used to activate P2PE feature on terminals deployed on the field.
As a complement to the P2PE feature, Ingenico provides tokenization services to merchants willing to track the purchasing journey of their consumers across channels. A single token is returned for online and in-store transactions, replacing the PAN that is protected and rendered unusable once P2PE is activated.