One less job for merchants with point-to-point encryption security update

November 20, 2017

Among the reasons people start businesses–the challenge of building something from scratch, opting out of a traditional 9-to-5, being one’s own boss–managing PCI compliance is almost surely not one of them. But that doesn’t stop it from being one of the most critical set of tasks small business owners must undertake.

All merchants that accept payment cards must be PCI compliant. Some rules are technical, some pertain to physical security practices, others are process- and procedure-driven. All of the rules are meant to ensure the security of customers’ card-based payments. The consequences of ignoring PCI compliance are too great for small businesses to ignore.

Consider that, according to the PCI Security Standards Council, 7 in 10 hackers attack businesses with 100 employees or less, and that the average cost of a breach to small businesses is more than $20,000–a significant burden to many businesses.

To add to the burden, if your business experiences a security breach and is found to not be PCI compliant, you may risk higher processing fees, be penalized with an assessment, or jeopardize your relationships with your bank and credit card companies.

And of course, failing to be PCI compliant means you’re putting your customers at risk, which can put your business’s reputation at risk, in turn.

Enter point-to-point encryption, or P2PE

Clover’s point-of-sale systems are already among the most secure in the industry with built-in PCI technology that secures credit card transactions.

But even with a PCI-compliant Clover point-of-sale device, merchants must still implement a number of additional security controls to secure customer transactions. Merchants also have to complete a yearly self-assessment in order to validate their PCI compliance. The longest of those assessments has 300-plus questions.

Enter point-to-point encryption, or P2PE. This technology further ensures the security of card-based transactions. With P2PE, card data is encrypted–rendered unreadable by cyber thieves or anyone else–from the moment it touches the Clover point-of-sale system to the moment the data reaches the servers at TransArmor, First Data’s card security solution.

This reduces the scope of individual activities and controls merchants need to account for themselves in order to secure payments, making the security environment for those merchants’ customers even more ironclad.

In order for a point-of-sale system to be classified as P2PE, it must undergo a rigorous assessment and be approved by the PCI Security Standards Council. Clover is among the point-of-sale solutions that has passed this rigorous test. Customers who are currently using Clover Mobile, Clover Mini and Clover Flex to process payments have P2PE on their devices already, and it will become available on other Clover devices in the future.

One less job

P2PE reduces the number of merchant-implemented controls required to secure card transactions with encryption technology. And at the end of the year, it reduces the number of annual PCI validation questions merchants must answer to affirm their compliance by as much as 90 percent.

What’s more, P2PE also addresses compliance for mobile payments.

In short, point-to-point encryption of card transactions gives both merchants and their consumers more protection, all while reducing the assessment and compliance burden. No matter why they started their businesses, any business owner would welcome the advantages of P2PE technology: less time on paperwork, more time to run the business, greater protection for customers and one less thing to worry about.

[image: Computer Security – Cyber Security by Blue Coat Photos on flickr]

Clover is sold by leading U.S. banks including Bank of America, BBVA, Citi, PNC, SunTrust and Wells Fargo. You’ll also find Clover at our trusted partners including CardConnect, Restaurant Depot, and Sam’s Club. For more information, visit us at