June 3, 2019 | News

Vista achieves a Global 1st in P2PE

Global First

Vista Retail Support is delighted to announce that it has become the first in-store hardware support provider to achieve an accredited entity status in its own right for P2PE.

The importance of P2PE for retailers was recognised a long time ago by Vista so rather than hang on the coat tails of a merchant or a payment solutions provider to gain a P2PE accreditation for its services, Vista went out to become a P2PE entity in its own right. This means that when a retailer decides to transition to a P2PE environment, Vista’s P2PE process is already certified and will fit into any solution provider’s PIM document; this will save retailers thousands of pounds in costs and process design – as Vista has it all ready to go.

What is P2PE?

The Payment Card Industry Data Security Standard (PCI-DSS) is a multifaceted payment security solution that instantaneously converts confidential credit card data and information into indecipherable code at the swipe of the card to prevent hacking and fraud.  PCI-DSS is a worldwide standard set up to ensure businesses can securely process card payments; thereby reducing the likelihood of card fraud. Using robust controls to deal with the storage, transmission and processing of the cardholder data, businesses are able to diminish the potential for fraudulent activity throughout the lifecycle of their customers’ data within their business; be it from the initial deployment of payment devices through to the destruction of devices once they have reached a state where they are no longer able to be repaired.

Although not yet mandatory, the adoption of PCI-DSS practices is seen as a high priority, especially for retailers, due to the sensitivity of the data that is handled in this process.  If a retailer isn’t PCI-DSS compliant and loses customer card data they risk the possibility of incurring card scheme fines and may also be liable for the fraud losses incurred against these cards and the operational costs associated with replacing the accounts.

With the imminent introduction of the GDPR from European Law, organisations will have to contend with stricter regulations, loftier penalties and exaggerated expectations from customers to ensure the security of personal data.

PCI’s encryption technology scrambles card data at the point it is inserted into the PIN Entry Device (PED) even before the data is sent to the Payment Service Provider, meaning no unencrypted data is transferred – this is referred to as Point to Point Encryption or P2PE.

To comply with P2PE, the PEDs have to be securely stored, tamper-checked for security breaches as well as being delivered and installed securely – deployment and ongoing servicing of PEDs are often the weak link in the chain.

What does this mean to our customers?

In a nutshell, this means that Vista has been attested for the provision of services for deployment and support of the pin entry devices. This is important as, for the first time, the merchant doesn’t need to worry about the physical movement of devices once the manufacturer has dispatched them to Vista.  Vista’s process has been scrutinised and approved by one of the world’s leading independent qualified security assessor organisations (QSAs) and can fit into any retailer’s PIM without having to be reassessed to the same degree as other services providers that are not an accredited entity. This is a massive time-saver for customers; meaning they can transition to a P2PE service quickly and easily as well as saving money on additional costs such as audit visits of the service provider’s facility to check the processes they have in place. Obtaining this attestation will not only facilitate future customer and business requirements but will also allow Vista to provide assurance to customers that it adheres to the P2PE protocols across its service catalogue.

Vista Retail Support offers customers a unique, comprehensive P2PE service starting when the PEDs arrive from the manufacturer, through the installation and deployment and ongoing break-fix maintenance service, including the storage and logistics of P2PE equipment.  This highly secure method dramatically reduces the risk of compromising cardholder data; by using P2PE there is very little room for lapses in security meaning our customers don’t have to worry about any serious financial issues for both them and their customers.

Vista Retail Support has had recent success delivering P2PE compliant services to a number of our UK retailers as well as having upcoming P2PE projects with a number of other customers.  Prior to obtaining its independent RoV, Vista has also successfully facilitated a number of visits from its customers’ QSAs to our facility. These visits were instrumental in assisting our customers to secure their own P2PE Attestation of Compliance (AOC) and Report of Compliance (ROC).

Vista Retail Support’s P2PE services extend total protection throughout the P2PE process leaving our customers safe in the knowledge that their sensitive financial issues are being handled by professionals.

For more information about our services and how we can help your business, please contact us.