As practices continue to implement digital payment technologies and cyberthieves continue to evolve tactics, data breaches will remain a persistent threat. Breaches aren’t only inconvenient; they’re costly. Customer personally identifiable information (PII) is the costliest, at $150 per stolen record. Average overall costs of a data breach vary by country, with the U.S. leading the way at $8.64 million, and the global average at $3.86 million.
The fallout of a data breach can be devastating to any type of organization. In addition to the disruption of daily operations, lost sales, recovery of assets, fines and compensation, practices that experience an attack also incur nonmonetary costs like brand erosion and reputational damage.
Why was P2PE created?
Implementing an effective data security solution involves navigating myriad regulatory and compliance requirements. The complexity and time involved in these efforts can be challenging – and overwhelming.
In recent years, point-to-point encryption (P2PE) has emerged as a security technology solution that solves these pain points. P2PE protects cardholder data in transit by encrypting it from the point of payment through to the solution provider’s secure environment, where it is then decrypted. Since P2PE removes clear text data from a business’s network, the data has no value if stolen.
Three key benefits of P2PE
With P2PE, cardholder data never even enters the point-of-sale environment, offering practices the following benefits:
- Better security with greater reassurance
With P2PE, customer account data is devalued even if stolen, so practices are less likely to be the victim of a profitable attack. - Simplified PCI DSS compliance process
PCI-listed P2PE solutions can help reduce the scope of a PCI DSS audit, saving time and money without sacrificing data security. - Peace of mind through a managed service
Some P2PE solutions include features like PED device tracking and monitoring, which practices must evidence as part of their PCI DSS assessment.
Dispelling the P2PE myths
Some misconceptions exist around P2PE, particularly related to PCI compliance. Following are the most common myths:
Myth: P2PE is mandated.
Truth: P2PE is not compulsory but is highly recommended by payment schemes including Visa, Mastercard, American Express, Diners, Discover and JCB.
Myth: P2PE automatically reduces PCI scope.
Truth: Scope reduction is not a given, but when managed correctly, P2PE should help to reduce the effort of compliance.
Myth: Businesses that implement P2PE don’t need to engage a QSA.
Truth: It’s still necessary to engage a QSA and revalidate compliance on an annual basis, but the scope of the assessment may be reduced.
Myth: P2PE covers in-store and online channels
Truth: P2PE only applies to in-store environments; businesses with e-commerce channels must follow the compliance requirements for those channels.
Safeguard your practice with P2PE
With the ability to protect cardholder data from the point of entry through the secure decryption endpoint, P2PE is an essential element in protecting your practice and your patients. Worldpay from FIS provides the P2PE solutions that are critical to your overall payment security efforts. we’re available to offer guidance and support for anything related to your payments system. Connect with one of our payment experts to discuss your options that can protect your payments revenue.
Are you interested in implementing MicroMD ePayments by Worldpay? Learn more at micromd.com/marketplace/financial/micromd-epayments/ or call us at 800.624.8832.
