Payment card security has always been critical, but with the news that the cost of a data breach has grown to $1.75m for enterprise-class merchants, understanding the different POS platform approaches is paramount.
For years the industry focused on hardening the environments in which sensitive data was stored or transmitted. PCI standards were designed with this idea in mind – if the environment was hardened, the hackers would not be able to access the data. In short, that approach failed.
This was because most merchants were operating with commerce technology architected 20 years ago, leaving significant amounts of data on premises – and the distributed nature of their business meant that while the environment might have been hardened at install, it degraded over time.
PCI responded with the point-to-point encryption standard (P2PE), which took a very different approach. Rather than harden the environment, we would now focus on preventing sensitive data from being stored or transmitted in a way that allows it to be intercepted. This approach encrypts the transaction at the payment device and typically decrypts at the gateway before routing to a payment processor.
Bypass is taking this approach a step further – not only following the P2PE standard, but also providing end-to-end security by decrypting the payment transaction at the processor rather than the gateway. As articles like these become more frequent, driven by data breaches, we are encouraging our partners to conduct a review of the estate to determine where legacy solutions may still be in use and to accelerate a remediation program.