Point at which card is inserted/swiped into the device for checkout.
Point at which bank processes the transaction and sends a response to the Point of Transaction Device at checkout.
Takes store completely out of scope as far as PCI compliance is concerned.
Ensures that valuable cardholder data is secured and protected completely.
Decreases PCI compliance cost considerably, due to removal of stores from PCI Scope
Eliminates the need for investing in costly VPN networks.
Even if advisory can steal data from a communication channel, the P2PE solution makes stolen data less valuable.
As all security is taken care, P2PE solution allows retailers to focus on the core business.
By simply using P2PE-compliant PED devices, merchants can remove their stores from the scope of PCI DSS compliance, and apply security in place at the device level.
SISA is an expert in the field of Payment Security and provides wide variety payment protection solutions. SISA is a Qualified Security Assessor (QSA) for PCI, eligible to conduct audits and assessment for firms in card payment industry. As a part of P2PE compliance, SISA checks the following:
Encryption Device Management
Segmentation between Encryption and Decryption Environment
Decryption Environment and Device Management
P2PE Cryptographic Key Operations
SISA approves the P2PE instructions manual if it falls in sync with the actual setup. SISA provides resellers/vendors sufficient guidance.
SISA being a PCI certified entity submits (post evaluation) PCI PTS compliance reports to PCI SSC for listing and approval.
SISA submits Attestation of the Validation document to PCI-SSC.