Cybersecurity Insights

Benjamin Hosack

Foregenix certifies the world's first PCI P2PE v2 Application

25/03/2016, 14:36

Foregenix has certified the world's first PCI P2PE version 2 application for Optomany.

Foregenix is the global leader in assisting and certifying over 40% of the PCI P2PE solutions and over 80% of the PCI P2PE Payment Applications globally.

Working with Optomany, Foregenix assessed all aspects of the axept® application including development practices, encryption key management and the handling of sensitive cardholder and authentication data, resulting in an Attestation of Validation (AOV) from Foregenix and the Payment Card Industry (PCI) Security Standards Council confirming validation with the new internationally-recognised standard.

Version 2 is the logical evolution of the Point-to-Point Encryption standard from the PCI Security Standards Council, which came into effect in September 2015 and is far more comprehensive than its predecessor. By using P2PE, account data (sensitive cardholder and authentication data) is unreadable until it reaches the secure decryption environment, which makes it less valuable if the data is stolen in a breach. P2PE version 2 solutions reduce where and how PCI DSS requirements apply to merchants, which helps simplify compliance efforts.

Key Benefits of P2PE include:

  • Makes account data unreadable by unauthorised parties
  • “De-values” account data because it can’t be abused – even if stolen
  • Simplifies compliance with PCI DSS
  • The P2PE Self-Assessment Questionnaire includes only 26 PCI DSS requirements
  • Offers a powerful, flexible solution for all stakeholders

Commenting on the certification, Marc White, Chief Security Officer at Optomany, said:

“As a leading payment acceptance solution provider, security is in our DNA and the protection of customer data is integral to our business. A global first is a fantastic achievement, but of far more importance to us are the benefits we can bring to our customers through simplified PCI DSS compliance and risk reduction.”

Jeremy King, International Director of the PCI Security Standards Council, said: “Expanding the availability of solutions for merchants that make account data unreadable and less valuable to criminals if stolen in a breach is a key priority for the PCI Security Standards Council. In achieving the first PCI Point-to-Point Encryption (P2PE) version 2 validated application to be used as part of a PCI P2PE solution, Optomany Ltd joins a selective group of industry leaders that are driving merchant adoption of PCI validated P2PE products to devalue cardholder data.”

Andrew Henwood, CEO, Foregenix, said: "Achieving compliance with the PCI P2PE standard is a significant challenge for any organisation. As the first PCI P2PE version 2 validated application, both the Optomany and Foregenix teams have achieved a world first and the effort and commitment to do so is highly commendable. Many congratulations to the team at Optomany for this achievement.

“As can be seen from the all too regular news headlines concerning hacked businesses losing their client data, businesses are struggling to compete in a highly competitive market, while still protecting their client data effectively. The benefits that PCI P2PE version 2 bring to merchants are significant from a security improvement and risk reduction perspective as well as drastically simplifying their PCI DSS challenge.  

“We would strongly advise any merchant looking at their payment security to consider the merits of PCI P2PE, especially the newly released PCI P2PE version 2 with many great enhancements over the prior versions. We compliment Optomany for being the first entity globally to have obtained this latest validation of their PCI P2PE solution.”

TRENDING POSTS