Skip to content

Fraud Victims Rise, Encryption Schemes Leaving Security Gaps

In today’s digital world, encryption schemes are everything. Are you absolutely sure your business is protected? Recent reports might cause you to take a closer look at how you’re protecting your customers’ sensitive information.

At the point of sale, there are two encryption options: PCI-validated point-to-point encryption (P2PE) solutions and nonlisted encryption solutions, which lack several key requirements. The PCI Security Standards Council has validated 60 P2PE solution providers. However, there are also hundreds of nonlisted encryption solutions that are known as end-to-end encryption (E2EE) solutions.

“The trouble with unlisted solutions is that there may be no way for a merchant to know whether the provider has fully addressed the controls identified by the PCI Security Standards Council as necessary to properly protect the account data,” according to Coalfire, a P2PE assessor.

“Many of the unlisted solution providers Coalfire has reviewed do use very secure processes; however, since unlisted solutions have not been assessed under the standardized PCI P2PE framework by qualified assessors, merchants using these solutions may still need to implement additional security countermeasures to ensure threats associated with the absence of these controls.”

P2PE solutions that are validated have been assessed by a P2PE security assessor and have met the PCI P2PE standard. Those that have not been validated – nonlisted solutions – are missing the following key points:

  • Key management. The problem with poor key management is that it leaves the door wide open for hackers to comprise keys and unlock encryption. Nonlisted solutions do not have their key management processes audited regularly with PCI P2PE.
  • P2PE devices. The majority of device manufacturers offer certified versions of their devise that work with validated P2PE solutions and includes SRED (secure reading and exchange of data).
  • Key storage. Key storage and decryption happens in hardware security modules that have been validated by PCI.

How to Protect Your Business

How can you protect your customers’ sensitive information and protect your business? It’s critical that you implement solutions that immediately encrypt card data at the point of entry. Despite popular belief, EMV (chip cards) alone will not protect your business from card data compromises. The good news is that you can obtain an EMV card reader that has P2PE capability built in. You can also:

  • Assess your payment environment. Unfortunately, credit card terminals are not the only vulnerable devices. Take some time to assess your payment environment and see where you can improve. For example, many back offices and call centers are wide open and unencrypted.
  • Consider all your options. Most experts say that, compared with nonlisted encryption, P2PE offers a higher level of security assurance. This allows you to reduce compliance requirements by up to 90 percent.

If you need safe payment processing, consider working with the team at EMB. Our team has years of experience in working with high risk merchants, and offer payment processing solutions that keep your customers’ information safe. In addition to offering a secure merchant account, we are constantly adding features on a daily basis.

  • Fast approvals in 24 – 48 hours.
  • No set up fees for most merchants.
  • High Risk merchants approved.
  • High volume solutions: load balancing gateways and multiple MIDS.
  • Chargeback protection & chargeback prevention programs available.
  • iCheck Check Processing service, featuring quick payments.

If you need EMV support, fill out our application today. Our merchant services are tailored to all types of businesses and industries, including: gaming, bad credit, credit repair, nutraceutical, telecom, warranty, tech support, travel, ebooks, electronics, airlines, and many more. It takes just minutes to complete, and you can have an account setup in as little as 24 hours.