The purpose of this white paper is to assist merchants in making compliance decisions related to the use of the Payway, Inc. P2PE solution. To do this, Dara Security conducted an independent
review of publicly available PCI Data Security Standards (PCI DSS) compliance tools, as well as a review of the Payment Card Industry (PCI) Security Standard Council’s (SSC) Point-to-Point Encryption (P2PE) program and how it fits into the modern payments security and compliance ecosystem.
Point-to-Point Encryption (P2PE) is a critical technology used to protect credit card data from being breached. While P2PE has been around for many years, only PCI Validated P2PE technologies, such as the Payway P2PE Solution, have been tested to rigorous standards and should be trusted to reduce risk and PCI DSS scope at a merchant.
In this white paper, we explore PCI validated P2PE in detail, including how P2PE works within an environment and with other technologies, and how the Payway P2PE Solution can be used to reduce both risk and scope in a MOTO environment. We present a challenging use case and demonstrate how P2PE provides an exceptional solution to PCI DSS and credit card security issues within that environment. This white paper demonstrates how P2PE aligns with the PCI DSS compliance framework in order to simplify merchant compliance efforts.
The intended audience for this document is merchants who are considering or have already implemented the Payway P2PE Solution within their card-not-present [mail order/telephone order (MOTO)] processing environment. The impacts on compliance and risk discussed herein are tailored for merchant organizations, and therefore the term “merchant” is used throughout. Please
consult with a qualified security assessor (QSA) for further clarification on how the Payway P2PE Solution may impact your organization’s risk and compliance.