The Payment Card Industry Data Security Standard (PCI-DSS) maintains, evolves and promotes payment card industry standards for the safety of sensitive cardholder data across the globe.
PCI-DSS is a worldwide standard that was set up to help businesses process card payments securely and reduce card fraud. This calls for tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle.
Although achieving PCI-DSS can incur a cost, the consequences of businesses not being PCI compliant can be substantial. Not only might they incur card scheme fines, they may be subject to independent fines, card replacement costs, expensive forensic audits, not to mention brand damage.
The administration cost of achieving PCI-DSS can be reduced by implementing a Point-to-Point Encryption (P2PE) solution.
What is P2PE?
A point-to-point encryption (P2PE) solution is provided by a third party solution provider and is a combination of secure devices, applications and processes that encrypt data from the point of interaction payment card entry until the data reaches the solution provider’s secure decryption environment.
An important element of a P2PE solution is Domain 3 (P2PE Solution Management). Within this domain there is a requirement to manage any third party entity that is involved in the P2PE deployment or ongoing P2PE maintenance of the solution or subsequent services. Another significant element of this domain is the creation and ongoing maintenance of a P2PE instruction manual for merchants (PIM).
Why choose Vista for P2PE Deployment and P2PE maintenance?
We are very proud of the fact that Vista was globally the first to achieve the prestigious third party entity status for its complete lifecycle P2PE service.
Our P2PE maintenance is not a concept or something we are piloting; it is an accredited service that has already been implemented by a significant number of High Street customers.
Vista’s customers can access our extensive knowledge base and experience of PCI-DSS and P2PE; this has proven to expedite the implementation of these projects, reducing costs and complexity.
Our highly secure processes, equipment and tracking methodology means that retailers can rest assured that their chip and pin technology is where we say it is, with reporting at their fingertips and audit trails that are clear and concise.
Vista has received significant praise from leading payment solutions providers and customers with one such provider stating that Vista’s P2PE service was “the most robust in terms of security they had seen throughout the industry”.
Vista Retail Support aims to assist retail, hospitality and leisure IT departments in the deployment and ongoing servicing of PEDs by delivering compliant installation, servicing and P2PE logistics.
By working closely with Qualified Security Assessors and providing a specific training regime, Vista can ensure that services remain fully compliant.
Our processes are based around a continual reporting loop. We receive the PEDs before scanning the serial numbers, checking them against the information issued by the manufacturer; this means that they are in Vista Retail Support’s system and can be reported on from day one and tracked throughout the lifecycle. We liaise with PED manufacturers over repairs and ensure the procedures followed comply with and are signed off by our customers’ QSAs.
This highly secure method dramatically reduces the risk of compromising cardholder data; by using P2PE there is very little room for lapses in security so customers don’t have to worry about any serious financial issues for both them and their customers.
Vista Retail Support have had recent success delivering P2PE compliant services to a number of our UK customers including M & Co, Mothercare, Grafton and The Range.
Vista Retail Support’s P2PE services extend total protection throughout the P2PE process, leaving our customers safe in the knowledge that their sensitive financial issues are being handled by professionals.
If you are contemplating a P2PE deployment or have an ongoing P2PE support requirement our experts would be only too happy to help.