CardConnect, a payment processing and technology solutions provider, announced today that it has been listed as a validated solution and application for Point-to-Point Encryption (P2PE) by the Payment Card Industry Security Standards Council (PCI Council).
CardConnect’s patented CardSecure® P2PE solution is designed to provide businesses with the highest degree of payment security and greatly reduce the scope of PCI DSS compliance requirements. By virtue of being the only validated P2PE product to be applied to both retail (card-present) and call center (card-not-present) transactions, CardConnect is able to fully eliminate clear-text cardholder data from a merchant’s processing environment.
In order to obtain P2PE Validation, CardConnect® met rigorous controls and requirements set forth by the PCI Council, including:
• Secure encryption of payment card data at the point-of-interaction
• Secure management of encryption and decryption devices
• Management of decryption environment and all decrypted account data
• Use of secure encryption methodologies and cryptographic key operations, including key generation, distribution, loading/injection, administration and usage
“The data breach at retailer Target marked the beginning of a new era, and now the theft of personal and credit card data is something, sadly, the majority of us have had to deal with – sometimes multiple times. As a payments company, our goal is simple: raise the bar for securing payments. Receiving validation from the PCI Council for CardSecure®, our Point-to-Point Encryption solution, is a testament to that,” said Jeff Shanahan, President and CEO of CardConnect. “Widespread adoption of Point-to-Point Encryption is the necessary step in stopping malicious hackers in their tracks.”
CardSecure® P2PE is currently validated to integrate with several Ingenico® terminals and supports NFC and EMV. CardConnect also offers an API integration extending to secure retail POS applications.