TransForm® Encompass & P2PE

Cardholder data: Out of software, out of scope, out of mind.

 


What is P2PE Encompass?

Element’s fully outsourced point-to-point encryption (P2PE) solution removes ISVs and merchants from the business of payment card security, effectively reducing the risk, liability, and costs associated with secure credit card acceptance.

Through a holistic combination of secure procedures, hardware, and software, TransForm® P2PE Encompass ensures sensitive credit and debit card data is protected immediately at the point-of-entry, while in transit, and all the way to the payment processor. The TransForm® P2PE Encompass solution is one of the first PCI-validated P2PE solutions to meet all requirements as set forth in the PCI P2PE standard.

How TransForm® P2PE Encompass Works

As a PCI P2PE Validated Service Provider, Element regulates key management, encryption, decryption, and data handling functions via approved software, hardware, and established processes. As a result, demonstration of compliance—which all merchants that accept credit cards are required to do annually—is dramatically simplified due to a vast reduction in scope. Element’s end-to-end outsourced approach minimizes risk, liability, and significant compliance costs for ISVs and their customers.

If software doesn’t transmit or store cardholder data, it’s not considered a payment application. Subsequently, it’s not subject to the cost and complexity of compliance with PCI requirements. TransForm® P2PE Encompass effectively removes the business management software from the scope of PCI requirements by encrypting cardholder data from the outset and isolating it from the software application. Thus, TransForm® P2PE Encompass—not the ISV or merchant—shoulders the cardholder data security burden.
Download the P2PE Encompass Whitepaper

“If a merchant that is, or was, storing cardholder data before implementing a [validated] P2PE solution was actually doing everything they could do as part of their SAQ, we estimate their cost savings at somewhere between $25K and $30K a year. Merchants now have a clearly defined and affordable path to compliance.” 
-Trustwave QSA
Why ISVs Love TransForm® P2PE Encompass
Ease of integration is just one reason ISVs choose TransForm® P2PE Encompass. The solution also:
  • Removes the ISV's software application from scope of PCI compliance. 
  • Gets merchant customers on the fast track to PCI compliance.
  • Allows ISVs to offer P2PE, which protects cardholder data from point-of-entry to settlement.
  • Eliminates exposure to fraud and financial liability for ISVs and their customers.
Why Merchants Love TransForm® P2PE Encompass

With an SRED (secure reading and exchange of data) POE device, a strong process-based approach to the deployment and management of security tools, and TransForm® P2PE Encompass, merchants find peace of mind knowing there’s less risk of cardholder data being compromised anywhere in the payment cycle. They also benefit from the luxury of drastically reduced PCI compliance requirements and costs. For example: 

  • The PCI SAQ (self-assessment questionnaire) is reduced from 300 questions to 20. 
  • Vulnerability scans/penetration tests are no longer required.
  • Purchase of PCI policy and procedure documentation is eliminated.