October 10, 2013 - Card data breaches have resulted in financial losses and sometimes business failure for merchants and service providers that have been inept in protecting IT systems and business processes.
The problem is not limited to high-profile multinationals: a growing number of those suffering breaches are small companies employing fewer than 100 people.
As a merchant, how do you protect card data in your network and have a secure payment solution in place painlessly? Is there a simple, low-cost process that can mitigate risk of card breach and ensure total security during card payments? How do you quickly secure your environment without going through a full-blown PCI-DSS certification process with your QSA?
Major industry players, such as Visa and MasterCard, have given clear guidelines and recommendations regarding the implementation of Point-to-Point Encryption (PTPE), which can prevent card breaches and hence ease the burden of PCI DSS compliance.
YESpay, the latest member of the WorldPay Group, is now deploying its Omni-channel Point-to-Point Encrypted (PTPE) integrated payment service to its first few UK high-street retailers fully accredited by WorldPay Streamline. The solution achieves card data encryption within the Ingenico IPP350 PEDs (PIN Entry Devices) and decrypts the critical card data at the YESpay payment gateway within HSMs (Hardware Security Modules).
YESpay's PTPE solution complies with security recommendations specified by Visa 'Data Field Security' Best Practices and Payment Card Industry Security Standards Council (PCI SSC). YESpay has engaged its QSA, FortConsult, to audit and validate the solution to PCI SSC, which is expected to complete in the first half of 2014.
"Our fixed and mobile PTPE secured integrated payment solutions are based on open standards rather than proprietary techniques. By effectively removing clear card data from the retailers' network, we have helped them to significantly reduce the effort required in achieving PCI DSS compliance and effectively taken the retail POS networks out of scope. Our QSA, FortConsult, will shortly perform PCI SSC audit covering Application Security, Encryption and Decryption Management, and our PTPE Cryptographic Key Management", says Dr. Chandra Patni, co-founder of YESpay and Head of Integrated Terminal Solutions and Mobile Payments at WorldPay Group.
YESpay, WorldPay Total and WorldPay Zinc provide secure PTPE fixed and mobile payment services, while keeping migration processes really simple from existing non-PTPE-compliant payment solutions. Benefits of the recently launched PTPE payment services include:
- Achieve High Level of Security:
- Card data encryption within the PED with decryption via HSM at the payment gateway
- Cloud-based payment service which uses SSL IP communication
- Industry-standard DUKPT encryption within the PED
- Choice of PED manufacturers today includes Ingenico and Miura
- No bespoke/proprietary security software in PED
- Reduction in the effort required for achieving PCI-DSS certification
- PED PTPE keys injected in a secure facility or via Remote Key Injection