
Shahzad Khan, Senior Director, Global Acquirer Processing, CyberSource

Whenever money travels from one point to another, theft inevitably follows. Throughout history, it’s been common for pirates and brigands to stake out well-traveled commerce lanes to intercept valuable traffic.

Today’s Digital Commerce Lanes

In today’s world, this kind of physical heist is rare, and when it does occur, the novelty makes it highly newsworthy. But that doesn’t mean it has disappeared. Increasingly, this kind of “highway robbery” is migrating to the digital lanes of commerce, where bits of data can be intercepted without the need for ships, cannons, or bandits in black hats.

The More Things Change

Historically, merchants, bankers and others guarded their valuables against theft with caravans, armed escorts, safes and strongboxes. Today, armored cars are a common sight in cities across the world, and stand as a modern representation of an age-old practice.

In the digital age, while the tools differ, the same paradigm still applies. Instead of strongboxes and military escorts, encryption is used to secure valuable data in transit.

Point-to-Point Encryption

The PCI Security Standards Council (PCI SSC), a standards body established by the card brands, calls this Point-to-Point Encryption, or P2PE. P2PE is a terminal-based encryption standard, where payment data...

On the List

In order to meet the PCI SSC standard, a P2PE solution must meet three high-level requirements:

  • Card data must be encrypted using strong cryptography
  • Encryption must be performed in a PCI P2PE-approved hardware device
  • Decryption must not be possible within the merchant environment

Solutions that have been validated by the PCI SSC as meeting its P2PE standards are referred to as “listed” solutions. Solutions that have not been validated, but provide similar functionality, are commonly referred to as “unlisted” solutions.

Unlisted solutions hold a degree of uncertainty, as there may be no way for you to know whether a solution provider has fully addressed the controls that constitute the PCI P2PE standard. They may also mean a lot more effort on your end, in the form of needing to perform a thorough compliance assessment and potentially needing to implement additional security measures.

With a listed solution, you have the confidence of meeting the criteria of the PCI P2PE standard. Furthermore, you can substantially reduce your PCI compliance requirements, saving you a great deal of time and effort.

CyberSource Point-to-Point Encryption

In order to bring you the security and compliance benefits of Point-to-Point Encryption, we are now offering our own PCI-validated P2PE solution. CyberSource P2PE helps protect payment data across all segments of your network, and prevents unencrypted transaction data from touching your systems.

londhegaurav
Moderator
7 Comments
Emmawalliam
Member

This is quite informative.

BasantaMatia
Member

Is there any sample project/reference for Cybersource Integration using .Net Core/Angular?

@Emmawalliam @londhegaurav 

Mendez0
Member

The Digital Strongbox is a secure digital storage solution that allows users to store and manage sensitive information, such as passwords, financial documents, and personal files. It provides encryption and multi-factor authentication for enhanced security, ensuring that data remains protected. Users can access their files anytime, anywhere, using a secure login.

I appreciate you bringing the exceptional website to my attention, and I am keen to explore the benefits it offers. Your suggestion is valuable to me, and I am grateful for your support. I am always eager to learn and grow, and I am confident that this website will provide me with new insights and opportunities. Thank you for your kind words and for sharing your discovery with me.

mitchellhobb
Member

The Digital Strongbox is a concept that represents a secure way of storing and transmitting sensitive payment data using a technique called Point-to-Point Encryption (P2PE). P2PE is a security measure used in the payment processing industry to protect cardholder data during transactions.

Here's how the Digital Strongbox and Point-to-Point Encryption work together to secure payment data:

  1. Definition of the Digital Strongbox: The Digital Strongbox refers to a secure storage mechanism where sensitive payment data, such as credit card information, is stored in an encrypted form. It can be a physical hardware device or a secure software environment designed to safeguard this information.

  2. Point-to-Point Encryption (P2PE): P2PE is a method of encrypting payment card data from the point of capture (e.g., the payment terminal or online payment form) until it reaches the secure decryption environment (e.g., the payment processor). This process ensures that the sensitive data remains encrypted and unreadable to anyone who may try to intercept it during transmission.

  3. Secure Data Capture: When a customer makes a payment, the payment card data is captured at the point of sale or payment processing. This can be done using a physical payment terminal, an online payment gateway, or a mobile payment device.

Alexanderwp
Member

Thanks for sharing, Shahzad Khan! CyberSource's Point-to-Point Encryption solution sounds like a robust way to safeguard payment data in today's digital commerce landscape. Excited to explore more about its PCI-validated features and benefits.