Key Features and Benefits of the On-Guard P2PE Solution
The solution is comprised of three certified components: an encryption module, a decryption module and a key management solution.
The Ingenico Point-to-Point Encryption (P2PE) solution has been designed to be modular and adapt to any payment infrastructure worldwide.
- The encryption module is embedded in the Telium® platform and is therefore available across the complete range of Ingenico terminals.
- The decryption module is delivered as a certified appliance to be easily hosted in the infrastructure of any Service Provider, Processor or Retailer. As it is also hosted within an Ingenico certified PCI DSS infrastructure, the P2PE feature is available to any merchant using Axis Payment Services.
- The P2PE feature is activated in the field, by remotely loading P2PE parameters and keys into deployed terminals using Ingenico TMS (Terminal Management System).
A certified solution, ready for deployment
The overall On-Guard solution meets security standards defined within the Payment Card Industry. In addition, each single component of On-Guard is being certified independently against the latest version of the applicable security standard published by the PCI SSC.
- The encryption module security level aligns with the SRED (Secure Reading and Exchange of Data) requirements defined in PIN Transaction Security standard V3.0 (PCI PTS)
- The decryption module is validated against PCI PA DSS V2.0. The decryption appliance is delivered as a standalone hardened server with the decryption engine fully coded within a Hardware Security Module; its secure architecture ensures smooth integration within the infrastructure of any PCI DSS certified Service Provider, Processor or Retailer
- The P2PE Key Distribution in field terminals relies on the Remote Key Injection feature of the Ingenico Terminal Management System, which is PCI PIN certified
The On-Guard P2PE solution is future-proofed against changes in security requirements. Both the terminal and the On-Guard appliance can be upgraded in a secure manner, with no impact on the merchant’s activity, as the upgradability is integrated within the solution. The flexibility level and future-proof architecture of On-Guard will allow merchants to de-scope their in-store network from the terminal connection up to the payment server connection.
A flexible solution, adapted to merchants’ needs
On-Guard protects cardholder data with proven, non-intrusive encryption technology from the point of capture up to the payment gateway or host. The encryption parameters are defined by the merchants to achieve the best compromise between business needs and security requirements. Data may be partially encrypted, leaving some digits in the clear and means the solution is non intrusive for applications deployed on intermediate systems, such as the POS.
On-Guard can be complemented by a Tokenization solution which allows merchants to identify their end customers without storing sensitive data such as the Primary Account Numbers. The substitute, or “token”, might be used for receipt printing or to feed CRM tools.
Merchants can enjoy the benefits of an entirely flexible and certified solution, adapted to their individual business needs, reducing their exposure and allowing them to focus on their core business.