EMV guarantees the authenticity and integrity of card data, P2PE ensures the confidentiality of card data. Paya’s implementation of P2PE is Head-to-Host, where “Head” references the card reader (hardware) of the payment acceptance device, where card data is encrypted before it is even exposed to the device’s memory. The Merchant is never exposed to sensitive card data, is protected from data breaches within the Merchant domain, and the PCI burden is significantly alleviated. Decryption takes place at the “Host” (Paya Gateway) which is in a highly secured and PA-DSS certified environment. The following figure illustrates this concept:
If you have questions or require additional information, please contact us and we will be in touch with you shortly.