The Importance of PCI and P2PE for Retailers (Part Two)

Last summer, I explored in some detail the importance of PCI and P2PE for retailers.

To recap, the Payment Card Industry Data Security Standard, or PCI DSS for short, is the worldwide standard set up to help businesses process card payments securely and reduce card fraud, through tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle.

Due to the sensitivity of the data that is handled in this process, it’s seen as a high priority for retailers to adopt PCI DSS. If a Retailer isn’t PCI DSS compliant and loses customer card data, they risk the possibility of incurring Card Scheme fines, and may also be liable for the fraud losses incurred against these cards and the operational costs associated with replacing the accounts.You can read the full blog here.

P2PE encrypts card data from PED to acquirer, and therefore significantly reduces the DSS target for evaluation, and so many retailers are also adopting P2PE to simplify and streamline the process to implement DSS.

As this continues to be a business critical consideration for many retailers in 2016, I felt it would be helpful to provide an update on the key challenges and developments we’ve seen taking place with regards to PCI and P2PE.

Demand continues to rise

The end of 2015 saw a flurry of activity on the P2PE front, with demand continuing to rise from all types of retailers from newsagents to airside retailers and even national builder’s merchants wanting to ensure they remained compliant. For some this required refreshing PEDs to bring them up to P2PE standard. For others, it required the deployment of entirely new devices.

Google Pay and Samsung Pay add to the pressure

The successful rollout of Apple Pay in 2015 is being closely followed in 2016 by Google Pay and Samsung Pay, and we predict there will be a further surge in enquiries and orders from retailers of all types, as well as Payment Service Providers (PSPs), who will need a service provider who can both deploy and support their national and international estates of P2PE PEDs.

Demand continues to diversify

It seems that the issue of P2PE is no longer just a problem for traditional retailers, as we see more and more demand from further afield, including financial services organisations and the hospitality sector. 2016 will certainly be a year for diversification in terms of those needing help in this business critical area.

Competition intensifies

The PCI DSS QIR (Qualified Integrator & Reseller) Accreditation will help those service providers who chose to invest in it to position themselves as market leaders in the payment device marketplace. This will help to improve quality standards across the board and will also enable accredited suppliers to gain the competitive advantage.