The Importance of a PCI-Validated P2PE Solution in Today’s Market


The Equifax breach is the latest instance of a widespread hack that has put individuals’ information into the hands of hackers. However, this could be the worst, as 143 million people were affected, and hackers were able to acquire Social Security numbers, birth dates, addresses, and driver’s license numbers. They were able to steal a few hundred thousand people’s credit card numbers as well.

As scary as the Equifax breach is, though, it is just one of thousands of breaches that take place in the United States every year. Did you know that there were nearly 1,100 recorded data breaches in 2016? This was a 40% increase from 2015. Hackers are becoming more sophisticated with their tactics, and some of the most vulnerable institutions are call centers. This makes sense when you consider that call centers use private information to identify whom they’re speaking with, and they can process payments over the phone.

The consequences of a data breach at a call center can be disastrous, which is why corporations and banks must invest in security measures to protect their customers’ data and reduce their risk of losing a lot of money; each record stolen could cost up to $174, potentially bankrupting a company if the breach is large enough. One of the ways a company or bank can do this is by implementing a PCI-validated P2PE solution powered by a respectable solution provider.


Why Do You Need a PCI-Validated P2PE Solution?


Although there are various end-to-end encryption products out there, P2PE solutions are the only ones that have been audited, approved, and validated by the PCI Security Standards Council (PCI SSC). PCI validation matters for several reasons:

  • Device Security: A PCI P2PE device is automatically deactivated when tampering is suspected, preventing a potential breach at the point of entry device.
  • Strict Controls: Encryption keys are protected through strict controls to ensure data can’t be decrypted.
  • Chain of Custody Process: PCI P2PE has a centralized chain of custody process for managing all point of entry devices for PCI compliance review.
  • Reduced PCI Assessment: A company or bank may be eligible to take the 35-question SAQ P2PE-HW, which is a significant reduction from the 332-question SAQ D.

As a leader in payment gateway solutions, First Atlantic Commerce is proud to partner with Bluefin Payment Systems to offer a PCI-validated P2PE solution for call centers that enhances data security and ensures customer data doesn’t fall into the wrong hands. You can learn more about this solution here.