Point-to-Point Encryption (P2PE), although growing in popularity, has yet to gain wide-spread adoption in the healthcare point-of-service payment environment.
And while P2PE is not officially required for PCI DSS compliance, what is certain is the reduced PCI DSS scope that the encryption delivers.
In other words, the expense and resources devoted to PCI DSS compliance during card-present transactions (i.e. point-of-service payments) are significantly reduced with P2PE.
How P2PE reduces scope
Point-to-point encryption impacts PCI DSS scope because card holder data is encrypted at the hardware device level.
Put simply, the card holder data is encrypted right at the point of interaction and this means data remains encrypted inside of your payment environment.
Options and considerations for P2PE
Healthcare organizations investing in P2PE have two options:
- Equip existing payment hardware with point-to-point encryption, or;
- Purchase new hardware that comes with point-to-point encryption
For organizations looking to comply with the upcoming October 1, EMV deadline, it makes sense to consider investing in new hardware that has both P2PE and can process both traditional “swipe and sign” and EMV chip card payment transactions.
For RevSpring clients using our point-of-service payment solution, RevSpring now supports EMV, Signature, PIN entry hardware and offers P2PE through Magensa. For more information feel free to email us email@example.com.