Point-to-point encryption (P2PE) technology evolved in response to the emergence of new types of credit card fraud. Although SSL/TLS protection is always present at the communication level, it only covers data in transit between two endpoints and is terminated at each hop; point-to-point encryption adds a further protection layer by encrypting cardholder data at the moment of capture, so that it stays encrypted through every intermediate system until it reaches the decryption environment.
There is no unified opinion as to which algorithm is best for point-to-point encryption. Some businesses use symmetric keys and encrypt the data with the triple-DES algorithm, while others choose asymmetric keys and PGP-style encryption/decryption schemes, in which the terminal holds only a public key and just the holder of the private key can decrypt. Note that triple-DES is deprecated by NIST for new use, and AES is the current recommendation for the symmetric path.
Implementation of Logic
How the encryption logic and the decryption logic are implemented are the key issues to consider for any particular point-to-point encryption solution.
Decryption can be performed either at the hardware or at the software level. Hardware security modules (HSMs) are often used for decryption. The advantage of the HSM-based approach is that the decryption key is never exposed: it resides within a tamper-resistant hardware device, and only the decryption operation, not the key itself, is available to the surrounding software. With software decryption, by contrast, the key is present in host memory and can be extracted by anyone who compromises that host.
Encryption can be performed at the point of card entry (the point of swipe, i.e. within the read head itself), within the payment terminal, or outside the terminal (by a software library, such as a DLL, running on the host). The earlier the data is encrypted, the fewer components handle cardholder data in the clear, and the fewer components an attacker can target to capture it.
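The following Go program is an added example (not code from the page or from Paylosophy) of the asymmetric, PGP-style option above combined with HSM-confined decryption. It assumes a hybrid scheme, RSA-OAEP to wrap a one-time AES-256-GCM data key, and models the HSM as a Go struct whose private key is unexported and used only inside its Decrypt method. The terminal is provisioned with nothing but the HSM's public key, so compromising it yields no ability to decrypt. The track data is a constructed sample built around a well-known test card number, not a real card. The symmetric triple-DES variant from the text would differ only in replacing the RSA key wrap with a key pre-shared between terminal and HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what the terminal sends upstream: the cardholder data encrypted
// under a one-time AES-256 key, plus that key wrapped to the HSM's RSA public
// key. No intermediate system can recover the data without the HSM.
type Envelope struct {
	WrappedKey []byte // one-time data key, RSA-OAEP encrypted to the HSM
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM ciphertext and tag over the track data
}

// HSM models the decryption device at the processor. The private key is an
// unexported field used only inside Decrypt, mimicking a key that never
// leaves the hardware boundary.
type HSM struct {
	priv *rsa.PrivateKey
}

// NewHSM generates the HSM's RSA key pair (2048-bit for this example).
func NewHSM() (*HSM, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &HSM{priv: priv}, nil
}

// PublicKey is the only key material the HSM ever hands out; terminals are
// provisioned with it.
func (h *HSM) PublicKey() *rsa.PublicKey { return &h.priv.PublicKey }

// Terminal models the point-of-swipe device. It holds only the HSM's public
// key, so a compromised terminal yields no decryption capability.
type Terminal struct {
	hsmPub *rsa.PublicKey
}

// NewTerminal provisions a terminal with the HSM's public key.
func NewTerminal(pub *rsa.PublicKey) *Terminal { return &Terminal{hsmPub: pub} }

// gcmFor builds an AES-GCM AEAD for a 32-byte data key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt runs at the point of swipe: encrypt the track data with a fresh
// symmetric key, then wrap that key for the HSM (hybrid, PGP-style).
func (t *Terminal) Encrypt(trackData []byte) (Envelope, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return Envelope{}, err
	}
	gcm, err := gcmFor(dataKey)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := gcm.Seal(nil, nonce, trackData, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, t.hsmPub, dataKey, nil)
	if err != nil {
		return Envelope{}, err
	}
	for i := range dataKey { // the terminal has no further use for the plaintext key
		dataKey[i] = 0
	}
	return Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt runs inside the HSM: unwrap the data key with the private key, then
// open the GCM ciphertext. A tampered envelope fails authentication and
// nothing is returned.
func (h *HSM) Decrypt(env Envelope) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, h.priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("key unwrap failed: %w", err)
	}
	gcm, err := gcmFor(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	hsm, err := NewHSM()
	if err != nil {
		panic(err)
	}
	term := NewTerminal(hsm.PublicKey())
	// Constructed sample track-2 data using a well-known test PAN, not a real card.
	env, err := term.Encrypt([]byte("4111111111111111=25121011000012345678"))
	if err != nil {
		panic(err)
	}
	pt, err := hsm.Decrypt(env)
	if err != nil {
		panic(err)
	}
	fmt.Printf("HSM decrypted %q (%d-byte wrapped key travelled with it)\n", pt, len(env.WrappedKey))
}
```

Everything between Terminal.Encrypt and HSM.Decrypt (the merchant's POS host, its network, the gateway) sees only the Envelope, which is the property that takes those systems out of the cardholder-data path. Note also that AES-GCM authenticates the ciphertext, so a modified envelope is rejected by the HSM rather than decrypted to garbage; triple-DES in CBC mode, as used by some of the solutions the text mentions, provides no such integrity check on its own.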
Although security is the key reason for implementing point-to-point encryption, some merchants adopt the approach because it allows them to reduce their PCI DSS scope: a validated P2PE solution does not take a merchant out of PCI DSS entirely, but it substantially shrinks the set of systems that must be assessed. Point-to-point encryption and tokenization are often used side by side, with P2PE protecting the card data on its way to the processor and tokenization replacing the stored card number afterwards, so the merchant never retains it.
More detailed information on point-to-point encryption is available on #Paylosophy.