PCI-Validated P2PE
Secure encryption of payment card data.
A PCI-validated P2PE solution includes a combination of secure devices, applications, and processes that encrypt data from the POI.
A PCI-validated P2PE solution includes a combination of secure devices, applications, and processes that encrypt data from the POI— for example, at the point of swipe or dip in the terminal—until the data reaches the solution provider’s secure decryption environment. If malicious activity is detected, the device is disabled, preventing a breach at the point of entry or POI device.
In many businesses, sensitive payment data is still exchanged in the open within the call center. Even security-conscious companies find adequately securing their call center environments challenging, often because the centers are geographically dispersed and the requisite technology solutions are expensive and complex to deploy. As a result, these centers and environments are in Payment Card Industry Data Security Standard (PCI DSS) scope and remain vulnerable to hackers and malware attacks.
CyberSource and Bluefin have partnered to introduce a validated PCI Point-to-Point Encryption (P2PE) standard-based solution1 for securing call center operations. This solution encrypts cardholder data at the point of interaction (POI) using a PCI-approved P2PE device. Transactions are processed by the CyberSource platform, and decryption is performed off-site in an approved Bluefin Hardware Security Module (HSM). By deploying this solution, you can remove clear-text cardholder data within your call center and reduce the payment security risk posed by hackers and malware. Protecting your systems against such potential threats helps you safeguard your brand reputation in the event of a breach.