

afterwards the FBI warned of a new form of POS Malware called “Punkey” which can infect any Windows-based POS-system and act as a “memory scraper,” identifying and capturing consumer data for subsequent exploitation.
Though there is no doubt that EMV cards and Tokenization both have a role to play in securing consumer data, it is clear that the “Killer App” for data security must be the technology that can protect the point of sale—so-called P2PE, or point-to-point encryption.
P2PE protects data moving through the point-of-sale, encrypting it from the moment the card is swiped or dipped until the transaction is complete. In short, P2PE devalues consumer card data through encryption, making it unreadable to Point-of-Sale (POS) Malware.
In August, the Payment Card Industry Security Standards Council updated its standard for P2PE to make it more merchant-friendly in order to encourage adoption and to protect more consumers. The new standard, PCI P2PE Version 2.0, allows merchants to build and manage their own P2PE Solution that protects their retail and call center locations. A “merchant managed P2PE Solution” can be either homegrown or comprised of components from PCI-validated and listed vendors.
Though P2PE holds, perhaps, the key to protecting consumer payment data, all three technologies—EMV, Tokenization, and P2PE—are essential aspects of what the payment card industry calls the “secure-all-channels” strategy, a holistic approach to manage security and mitigate risk.
In conclusion, any business that accepts consumer payments (including retail, restaurants, healthcare, sports, financial services, and others) should understand the layers of protection required for consumer payment data, so that they can negotiate sensibly and proactively with their payment service provider to protect their consumers and their operations. The consequences of getting it wrong—as we have seen—can be catastrophic. As hackers become more sophisticated, and more and more businesses protect themselves properly, the ones that have yet to secure their systems will become the criminals’ prey.
Ruston Miles is the Chief Innovation Officer at Bluefin Payment Systems where he specializes in developing secure payment gateway technologies. As Chief Innovation Officer, Ruston serves as a payment technology evangelist, speaking all over North America on payment trends and technologies, educating the business world about the highest levels of payment security. Ruston is a PCI Professional (PCIP), Certified Payment Professional (CPP), Certified Internet Business Strategist (CIBS), and an active participant with the PCI Security Standards Council.

thebossmagazine.com | November 2015 | 139