Cybersecurity Insights

Jake Dennys

P2PE: How, what and why – The PCI SSC Latin America Forum.

09/08/18 11:49

We’re excited to be showcasing a Point-to-Point Encryption-led presentation at the PCI SSC Latin America Forum on August 15th. As industry leaders for P2PE, we are always keen to share our knowledge and prowess in the sector. Christian Charette, Director of Consulting and Risk Services, and Guilherme Scheibe, Managing Consultant, will be taking centre stage to deliver the presentation at 16:30.

Validated P2PE Solutions are used globally for the protection of cardholder data. In Latin America, this type of solution is still considered a myth. Our session will bring a global perspective on the P2PE ecosystem to show attendees a real-life P2PE solution, the steps to achieve it, and the benefits involved.

In 2016 we certified the world's first PCI P2PE version 2 application for Optomany, and we certify over 40% of the PCI P2PE solutions and over 80% of the PCI P2PE Payment Applications globally.

More recently we certified a P2PE solution for ACS, which subsequently led to the first company in South Africa reaching the requirements for the P2PE standard.

The PCI SSC Latin America Forum is taking place in Brazil and is being dubbed ‘THE data security event of the year for the payment card industry’. The forum exists to encourage a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

There’s a real buzz around payment security in South America and we are more than happy to be able to present at one of the leading industry events. If you’re attending and would like to talk with us about your cybersecurity posture, get in contact with us!

_________________________________

What is P2PE?

PCI P2PE is the encryption of payment card data from the point of interaction (the chip and PIN device – otherwise known as the PIN Encrypting Device) and then the decryption of the payment card data within a secure environment (generally within the payment processor or acquiring bank) using an approved cryptographic algorithm.

PCI P2PE is a very detailed standard, requiring a considerable number of controls to be in place to ensure that the resulting solution protects the payment card data appropriately. However, in simple terms, the focus is mainly on the following three areas:

  1. Managing encryption and decryption devices securely and ensuring chains of custody.
  2. Managing cryptographic keys securely.
  3. Building and managing all the applications that run on the devices securely.

If you’re on your P2PE journey and would like to know how we can help you, or are simply interested in knowing more about the subject, click the link below for further information.

View P2PE, PIN AND PA DSS SERVICES
