Merchant Link SecurityCents

A blog that comments on the latest developments in the world of payments, payment data security and technology, PCI compliance, and more.

By Sue Zloth

You like potato and I like potahto , You like tomato and I like tomahto;
Potato, potahto, tomato, tomahto! Let’s call the whole thing off!

When it comes to the security industry one thing is certain; there is a whole alphabet soup of acronyms used to talk about technology and many people often use different names to talk about the same technology.

This issue was brought in to sharp relief recently when the PCI Council released their first guidance document on Point to Point Encryption.   At first I was a little mystified, had there been some significant change in the types of technology the payments card industry was using?  As it turns out the PCI Council had simply created an alternate reference for End-to-End Encryption – a term that has been pretty well agreed upon by the payments card industry for some time now.  In fact, at Merchant Link, we’ve always used End-to-End and recently announced our E2EE solution.

While industry shorthand has certainly shaped our conversations and product naming, the terminology of End-to-End encryption is, if one was to dig deep, not technically correct.  End-to-End would mean all the way from the point of swipe, through the gateway, up to the processor, out through the card networks and all the way to the issuer.  The end point, past the processor is the part that is still a pipe dream; it may happen in the future, just not any time soon.

PCI’s key argument for the change in terminology was to redefine the cardholder data environment and to make it clear what is and is not secure, as well as define what is in scope. This clarification was needed.

So, despite some initial hesitation and some other vendors’ insistence that their products really do secure the end points, the PCI Council’s guidance on calling these technologies Point to Point is well taken. The new naming convention allows for greater flexibility in what we currently identify as points and what we might include in the future.

So if we consider the accuracy of the terminology and accept that the PCI Council has already taken a stand on what to call it, we’ve decided to make a change. Merchant Link  will now change from E2EE to P2PE to ensure consistency with industry norms and with guiding principles we agree with.

Powered By DT Author Box

Written by Merchant Link Staff

Merchant Link Staff

Merchant Link’s SecurityCents blog is essential reading for merchants in the retail, lodging, and restaurant industries looking to secure their customers’ credit card data. Check the blog regularly to read what our industry experts have to say about the latest developments in the world of payments, payment data security and technology, PCI compliance, and more. We invite you to leave comments and share your insights and opinions.


There is one comment for this post.

  1. Harrison on October 5, 2012 9:04 am

    Appreciating the hard work you put into your blog and in depth information you present. It’s nice to come across a blog every once in a while that isn’t the same outdated rehashed material. Great read! I’ve bookmarked your site and I’m adding your RSS feeds to my Google account.

Write a Comment