Key steps to point-to-point encryption

For companies looking to get in line with PCI compliance rules in an effort to make an eCommerce website safer, there are some key steps to take in implementing a point-to-point encryption (P2PE) service, Kevin Burns, a PCI DSS consultant at Expedite, said in a post on RetailWeek.

Burns listed the steps on the website: replacement of the PED, or PIN Entry Device; accreditation gained through an acquirer; availability of a new PED; integration with the rest of the company's system; and deployment of new PEDs with software upgrades.

"Clearly timelines will vary and you’ll likely have a view on the considerations above. But if P2PE is your answer to solving your PCI DSS challenges then, as I said back in September 2011 - plan now," Burns said. "Get your budget in place and perhaps take a calculated gamble to start sooner rather than later. If you wait you might find that it leads to disappointment, with busy development and deployment teams, and long lead times on PEDs, not to mention stretched resources at the acquirers trying to deal with a host of accreditations in parallel."

Troy Leach, chief standards architect of the PCI Security Standards Council, told SC Magazine that P2PE would help simplify PCI compliance for companies. He said that, if properly implemented, it can help simplify PCI DSS guidelines for a company.