Why is PCI P2PE compliance important to retailers?

To reduce card fraud, the Payment Card Industry Data Security Standard, or PCI DSS, was implemented to regulate the ways in which businesses handle, store, process and transmit cardholder data.

Because of the sensitive nature of the data handled during credit card payment processing, retailers are expected to adopt PCI. If a retailer is not PCI compliant and loses the card data of a customer to fraudsters, they could potentially incur fines as well as being liable for any losses to the account in question. In addition to this, non-compliant retailers may also have to cover the operational costs associated with replacing compromised accounts.

The financial burden of falling foul of PCI compliance is just one factor in how a business could be affected – the reputational damage alone could be enough to cause a company to fail, as a decrease in consumer confidence in the aftermath of a data breach could lead to lost revenues to the point where the business never totally recovers.

Understanding P2PE

Encryption technology is used to “scramble” card data as soon as the card has been inserted into a card reader at a POS terminal, before any data is sent to the payment service provider. This means no unencrypted data is ever transferred. This process is known as Point-to-Point Encryption, or P2PE.

This incredibly secure method of data transfer drastically reduces the risk of cardholder data becoming compromised, leaving very little room for lapses in security.

PCI and P2PE in the future

While current encryption protocols have served retailers well for several decades, the increase of mobile payment trends has led many to question the long-term future of PCI, given that the new generation of payment systems makes use of technologies like tokenisation, which allows for card details to be removed entirely from the retailer. The good news is that AltaPay’s PCI P2PE solution enables easy PCI DSS compliance for multinational organisations, while also offering more convenient means of handling payments, returns and customer monitoring.

However, most mobile transactions are in a face-to-face setting and, given the enhanced encryption implemented by mobile payment service providers, these transactions are already pre-configured for PCI compliance. Neither the customer nor the merchant sees any relevant card data, eliminating the potential for skimming and fraud. While these sorts of payment habits may take a short while to gain the same sort of popularity as card transactions, the future is looking increasingly mobile - as of 2018, it is estimated that 166 million people worldwide make use of mobile payment technology, which means the future of PCI compliance looks good for retailers.

Source for mobile payment statistics: www.statista.com.