Point-to-Point (P2P) Encryption
When taking payment card information over the phone, call center operators typically enter PANs into workstation applications, a classic card-not-present activity that is costly to bring within PCI compliance. All those PANs, temporarily stored in workstation RAM before being sent to the financial system database, are a juicy target for hackers. Handling PANs this way also renders the workstation unusable for any other purpose, since it has to be isolated from the Internet and from any other office application. Adding an encrypted pin pad device to the call center station is an effective first step toward ensuring that PANs are not stored in a readable format, should a hacker insert malware into the workstation. This is an easier and more cost-effective solution than deploying workstations dedicated only to collecting payment information, with restricted Internet access and no email or office applications that can be a source of malware.
To completely secure a card-not-present transaction in a call center environment, the TokenEx P2PE service integrates with call center applications in conjunction with the encryption pin pad device, reading the encrypted PAN as it is entered, and transmitting the encrypted data directly to the TokenEx Secure Data Vault where it is decrypted, tokenized, and stored. Only the token is returned to the call center for additional processing and storage, keeping all the call center workstations and other business systems at the minimum scope of PCI compliance.
TokenEx works with nearly every manufacturer of encrypted pin pads, whether they are used for card swipes at a retail location (card present) or for manual entry in a card-not-present transaction. TokenEx manages the encryption keys, which are unique to every customer and are never shared.
TokenEx P2PE ensures that all payment data entered via your pin pad devices, whether swiped or keyed manually, is immediately encrypted, tokenized, and vaulted so that your business systems never capture, store, or transmit PCI data, thus minimizing the costs of PCI compliance.
Why Is This Solution Important For My Business?
No sensitive data (period)
Device Agnostic - Verifone, Ingenico, Magtek, IDTech, etc.
Eliminates most controls from PCI Scope (SAQ P2PE-HW)