Avoiding Those Painful PCI Non-Compliance Fees

Over recent weeks, many retailers, restaurant and bar owners, and businesses in other sectors that accept card payments have had a nasty surprise dropping through their letter boxes.

UK acquirers have been writing to their customers advising them that, should they be assessed as PCI DSS non-compliant, they will face some fairly punitive additional charges on their monthly bills. The fees we have seen take a variety of forms: 0.3% per transaction, 5p per transaction, or £9.99 a month. All of them quickly mount up, but more importantly, all of them are completely avoidable.

Here at Optomany we are big supporters of Point-to-Point Encryption (P2PE) as a means of ensuring that cardholder data is kept as safe and secure as possible. In fact, we achieved a global industry first when our axept® payment solution on PAX payment terminals was certified against version 2 of the PCI P2PE standard.

A brief history of P2PE

P2PE is designed to encrypt payment card data from the moment a card enters the terminal until it reaches a secure decryption environment outside the merchant's own systems. The encryption happens inside the approved payment terminal, and the keys needed to decrypt the data are held in that decryption environment, never by the merchant. This has an obvious benefit for the merchant: if an attacker manages to get hold of the data as it crosses the merchant's network, it is ciphertext without the key and therefore useless to them. Given the sophistication and determination of modern cybercrime gangs, large-scale data breaches are an ever-present danger, even for well-resourced organisations.

It was first launched back in 2012 and was revised and much improved in Version 2, released in 2015.

A win-win for merchants

PCI DSS compliance places a huge financial and resource burden on merchants, especially SMEs. That is why P2PE is such a boon: it reduces the time and cost of compliance by taking card data out of the merchant's scope. Because a validated P2PE solution encrypts account data inside the payment terminal, and the merchant's systems never see that data in the clear or hold the keys to decrypt it, those systems no longer need to meet the bulk of the standard. In effect, it reduces the PCI DSS requirements a merchant must address from 300+ to fewer than 35. Two caveats apply: the reduction is only available when the solution is a PCI-listed, validated P2PE solution and the merchant follows the solution's P2PE Instruction Manual, and it covers the card-present channel handled by that solution, so any other channel through which the merchant handles card data (an online store, telephone orders) must still be assessed on its own terms. Here is a quick checklist of the benefits of P2PE:

• “De-values” account data by rendering it indecipherable to cybercriminals
• Simplifies compliance with PCI DSS
• The P2PE Self-Assessment Questionnaire includes only 24 PCI DSS requirements
• Offers a powerful, flexible solution for all stakeholders

To find out more about Optomany P2PE solutions and how you can avoid paying unnecessary fees to your acquirer, please get in touch; we can help you find the best solution to suit your business.

Give us a call on +44 (0)208 102 8000

or email us at