Verifone Service Manual
It’s incredibly important for merchants to understand payment security, including their own responsibility in making sure that their customers trust them with sensitive card data. Recent high profile data breaches from retailers such as Target have led to a large amount of cardholder data being compromised.
This in turn has led to confusion for cardholders when making payments in store and serious damage to the retailer’s brand. With this in mind, retailers must make sure they have the latest security polices to address these worries.
We’ve worked hard to educate our customers on the need for PCI DSS compliance and its advantages. Recent research by Aite Group showed that nearly a third of consumers don’t trust retailers with their financial data, so winning this trust is vital to retaining customers.
But time spent by retailers worrying about security is time that could be spent on their core business. That’s one of the reasons VeriFone has been investing heavily in point to point encryption (P2PE). But what is P2PE – and why should retailers care?
While P2PE is not yet mandated like PCI DSS, we have seen an influx of interest from our customers looking to take advantage of this standard. Retailers are being encouraged by card associations and acquirers to take P2PE seriously – and it has the potential to significantly change the industry landscape. Larger retailers in particular, who may think that because they operate their own payment gateway P2PE isn’t applicable to them, can utilise the standard to help drive even greater efficiencies.
P2PE also ensures that customer card data is encrypted at all times, from the point of interaction (i.e., when the customer inserts or taps their card), to the payment gateway. So, if access to this data is gained by criminal means, then all the fraudster has is useless, encrypted data that cannot be read – meaning the customer and the merchant is protected from this type of attack. As such P2PE will reduce fraud because it shores up a number of potential weak links in the payment security chain. It is worth noting that merchants have an on-going requirement to follow the P2PE Instruction Manual (known as PIM) to ensure they remain up to standard.
VeriFone has been fulfilling P2PE-ready devices for almost 12 months, and we’ve been working hard to make sure we meet all the requirements for P2PE validation. Earlier this month our hard work paid off, as our PAYware Ocius managed service platform for the UK market achieved P2PE validation from the PCI Security Standards Council.