A best-in-class pay-at-the-table solution such as TableSafe provides significant economic advantages. Now, with approved P2PE validation, TableSafe delivers the highest level of data security plus additional convenience, time and cost savings for the restaurant.
Restaurants today face an increasing number of challenges related to payments including ensuring security, maintaining compliance, managing costs, and keeping pace with an ever-changing payments technology landscape, to name just a few.
The Payment Card Industry Data Security Standard (PCI DSS) was established in 2006 by the major card brands (i.e., Visa, MasterCard, American Express, Discover Financial Services, and JCB International). All merchants that process, store, or transmit payment card data are required to implement the security standard to prevent cardholder data theft. But as merchants learn, compliance with the standard is both time-consuming and costly. Depending on how a merchant processes credit cardholder account data, they may be required to meet up to 250 PCI DSS security controls, validated by a Quality Security Assessor (QSA) through more than 1,200 tests.
P2PE validation does not replace the PCI DSS requirement for compliance; it does, however, offer restaurants an effective option for removing certain network assets and tests from scope, thereby reducing the number of applicable security controls. The result is a reduction from over 300 security controls to as few as 24 controls, as assessed on the Self-Assessment Questionnaire P2PE (SAQ-P2PE).
The increased protection of credit cardholder data through the P2PE solution, combined with EMV protection, adds value through increased security, and the chain-of-trust established between the cardholder, the restaurant and the bank.
Restaurants get peace of mind that cardholder data is secure and that time and money are saved through scope reduction while maintaining PCI DSS compliance.
Any solution provider can claim to offer point-to-point encryption, but not all P2PE solutions are the same. Only solutions that have been audited and validated to conform to the rigorous scrutiny of the PCI standards can offer merchants the peace of mind and transparency that customer data is truly secured.
For a payment solution to achieve P2PE validation, the solution must be assessed by a PA-QSA (P2PE) and is subsequently listed on the P2PE application listing on the PCI SSC website.
The following requirements must be met by a table pay solution such as TableSafe:
· Must be adequately protected against attempts to reveal its cryptographic keys used for data encryption.
· Must be encrypted with ANSI X9 or ISO-approved encryption algorithms.
· Must allow for data origin authentication.
· Secret and private keys must be unique.
· All administrative remote access attempts must be authenticated cryptographically.
· All firmware updates must be authenticated cryptographically.
· Must not retain sensitive data longer than necessary for business purposes.
To learn more about TableSafe P2PE Validation read our announcement or read more about TableSafe Highest Trust and Security.