End to End Encryption
PCI DSS requires that cardholder data is encrypted in transit across open, public networks and also at rest. In a traditional retail environment with Point of Sale (PoS) terminals, this encryption typically takes place on a backoffice machine. As a consequence, the devices that passed card data in the clear (PoS terminals) as well as the devices that encrypted the data (backoffice machines) were fully in scope for PCI DSS assessment. In a medium to large estate with 100+ PoS / backoffice machines, it requires considerable effort and expense to become compliant with the standard: hundreds of machines have to be maintained and patched, logs have to be collected from every machine and terminal, and the retailer has to run IPS and FIM against 100+ devices. All of these requirements have pushed up costs and lengthened the compliance journey.

Towards the end of 2009 and the beginning of 2010, a number of providers brought End to End Encryption (E2EE) technologies to market. In the UK, Commidea have been early to market, and initiatives from the Logic Group, Yes-Pay and Verifone have all been aimed towards delivering E2EE solutions for retailers.

E2EE technology encrypts card data on the PIN Entry Device (PED). The encrypted data is then transported across the retailer's environment, either to a central Head Office location or to a third party service provider. At that location the data is decrypted and processed, and the card transactions are authorised and settled. Because the PoS terminals and backoffice machines in between only ever handle ciphertext, they no longer process card data in the clear. E2EE is a moderately new technology, and where implemented correctly it 'could' be used as a measure to reduce risk and consequently descope the PCI DSS journey.
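The following Go program is an added illustration of the E2EE data flow described above; it is not Nettitude's code nor any vendor's product. It models the three roles (PED, PoS/backoffice hop, head office) with AES-256-GCM under a single constructed placeholder key, and shows the two properties that matter for descoping: the intermediate hop never sees the PAN in the clear, and any modification of the blob in transit is rejected at the decrypting end. Real PED key management (key injection, per-device keys, HSM custody) is assumed to exist and is deliberately out of scope here; the function names and the sample PAN are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// demoKey is a constructed placeholder for this example only. In a real E2EE
// deployment the PED receives its key through a controlled key-injection
// process and the matching key lives only in the head office / service
// provider HSM; nothing on the PoS or backoffice machines ever holds it.
var demoKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes => AES-256

// pedEncrypt models the PIN Entry Device. The card data is sealed with
// AES-256-GCM before it leaves the device, so confidentiality and integrity
// are established at the point of capture.
func pedEncrypt(key, cardData []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Wire format: nonce || ciphertext || GCM tag
	return gcm.Seal(nonce, nonce, cardData, nil), nil
}

// posForward models the PoS terminal and backoffice hop. It holds no key, so
// the only thing it can do with the blob is pass it on unchanged.
func posForward(blob []byte) []byte {
	return append([]byte(nil), blob...)
}

// panExposedInTransit is the check an assessor cares about: does the blob
// that crosses the retailer's network contain the PAN in the clear?
func panExposedInTransit(blob, pan []byte) bool {
	return bytes.Contains(blob, pan)
}

// headOfficeDecrypt models the central location (head office or service
// provider). GCM verifies the tag before releasing any plaintext, so a blob
// altered anywhere along the path is rejected rather than processed.
func headOfficeDecrypt(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	// Constructed sample: a well-known test PAN, not real cardholder data.
	pan := []byte("4111111111111111")

	blob, err := pedEncrypt(demoKey, pan)
	if err != nil {
		panic(err)
	}
	inTransit := posForward(blob)
	fmt.Printf("PAN visible on PoS/backoffice hop: %v\n", panExposedInTransit(inTransit, pan))

	got, err := headOfficeDecrypt(demoKey, inTransit)
	fmt.Printf("head office recovered PAN: %s (err=%v)\n", got, err)

	// A single modified byte anywhere in the path fails tag verification.
	tampered := append([]byte(nil), inTransit...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = headOfficeDecrypt(demoKey, tampered)
	fmt.Printf("tampered blob rejected: %v\n", err != nil)
}
```

The point of separating the three functions is that the scoping argument rests on what each role can do with the bytes it holds: `posForward` has nothing but an opaque blob, and only `headOfficeDecrypt` can turn it back into a PAN or detect that it was altered. Whether an assessor accepts that as descoping a given estate still depends on the key management and the PED implementation, which this example does not model.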
Nettitude has a team of consultants that have worked extensively with a range of E2EE technologies. We have assisted a series of retailers in deploying E2EE solutions with a view to reducing their exposure to risk and fraud. To find out more about how Nettitude can help you with your compliance requirements, please complete our contact form, and a consultant will respond to your enquiry.