Jon Banks, Director of Payments & Customer Loyalty, The Logic Group
The last few years have been a challenging time for retailers, yet it looks like things may finally be on the up: official figures show that recent growth has taken the UK economy past the pre-recession peak. This is without doubt very welcome news for British businesses and long overdue.
Retailers can see that they can’t afford to just rest on their laurels and expect to simply reap the rewards of the economic upturn. They must find ways of streamlining operational costs so as to ensure they stay competitive and maximise profitability. However, competition for customers remains as fierce as ever, meaning they need to do so in such a manner that it doesn’t diminish the overall customer experience, which is paramount to on-going customer loyalty.
Thankfully, the cost of compliance is one that can be significantly reduced for many retailers, without a negative impact on customer experience. The implementation of a Payment Card Industry (PCI) validated Point to Point Encryption (P2PE) solution for in-store card payments allows businesses to cut their on-going costs and drastically reduce the time associated with their annual audit.
A PCI-validated P2PE solution is the only way a retailer can take in-store cardholder data out of scope, with card data being encrypted before it even reaches the retailer’s Point of Sale (POS). The corollary of this is that the business’s annual PCI audits are streamlined substantially, with the total number of questions included being reduced from over 250 to a much more manageable 18. Consequently, businesses can make huge resource savings, creating a much more efficient process. In fact, it is estimated that the correct implementation of a PCI-validated P2PE solution can reduce on-going costs by around 50%.
Above all else, P2PE gives retailers the ability to minimise their risk of a data breach, where customer cardholder data would be compromised. For customer confidence, such an incident could damage the consumer’s relationship with a brand beyond repair.
Although Point to Point Encryption is already on the agenda of many retailers, at PCI London on 1st July it was clear that there is some confusion as to whether they have a PCI-validated P2PE solution in place already. This would seem to stem from the fact that while P2PE solutions have been available from vendors for some time, the PCI Council only issued its guidelines and began validating solutions in 2011, with the first of these validated solutions being available just last year. Retailers may believe they have a fully validated P2PE solution but in actuality, this is often not the case. Consequently, they aren’t receiving the cost and resource savings that a fully PCI-validated solution brings. Our clear advice to retailers seeking to realise these savings through a P2PE solution is to check whether their solution is validated on the PCI website.
This alone should be enough of a reason for businesses to ensure their solutions are validated; they are also actually putting themselves at risk of incurring additional costs in the form of fines from their acquirers by not having one in place.
Once a business has their validated P2PE solution in place, the next step is to ensure it is accredited by their industry Qualified Security Assessor (QSA). One requirement of this is that they adhere to a Solution Provider’s P2PE Instruction Manual (PIM). The PIM outlines the processes a business should implement to maintain compliance, such as the proper handling of PIN Entry Devices (PED). The PIM also includes a provider’s suggestions for operational procedures and best practice for using a P2PE solution.
In May 2013, the PCI SSC announced that The Logic Group was the first company worldwide to achieve P2PE application validation and in November 2013, our Solve DataShield P2PE solution achieved global validation by the Payment Card Industry Security Standards Council (PCI SSC). At present we offer one of only three PCI-validated P2PE solutions on the market.
If a business is looking to minimise its operating costs, P2PE solutions are a great option, but only if they are implemented correctly. If your business opts for a solution that isn’t PCI-validated you’re both missing out on significant savings and putting yourself at risk of additional costs. However, if you want to see how a comprehensive P2PE solution can help you save both time and money so that you can focus on delivering products and experiences that meet and surpass your customers’ expectations, come speak to The Logic Group.