SAN FRANCISCO, Oct 24, 2016 /PRNewswire/ -- Leading retail software company Index announced today that Coalfire Systems, a respected Payment Card Industry Qualified Security Assessor (PCI QSA), has completed an evaluation of Index Point-to-Point Encryption (P2PE) to the current PCI Data Security Standard (DSS) 3.2 requirements and PCI P2PE v2 standards.
Coalfire, an independent PCI P2PE QSA, concluded that Index P2PE is a robust solution that can be used by merchants to dramatically reduce risk and applicability of PCI DSS controls. In its report, Coalfire affirmed "Index P2PE is a comprehensive, modular, and flexible solution designed to provide merchants with strong encryption of payment card data from the point of capture to the point of decryption at their gateway, payment processor, or acquirer."
Index P2PE — a patented, integrated part of Index's standard solution — secures sensitive card data from the moment of use to prevent hacking and fraud.
- 2048-Bit RSA Encryption Protects the Full Card: Index P2PE uses non-format-preserving encryption to protect the full card, which significantly improves security and reduces the PCI DSS controls for retailers to manage. This is a dramatic improvement from the industry-standard format-preserving encryption — a method that only encrypts part of the account number.
- Asymmetric Key Encryption Simplifies Deployment: Index P2PE employs public/private key pairs to simplify key rotation, distribution and management while enhancing the security of the solution. This is a significant improvement from the industry-standard symmetric key encryption, which employs a single key for encryption and decryption, creating security risks and substantial compliance burdens — keys must be loaded in a Key-Injection Facility (KIF), and PIN pads are subject to costly audits in transit and in storage.
- Periodic Key Rotation via Public Key Infrastructure (PKI) Enhances Security: Index uses key management processes established by the U.S. Government for the secure distribution, rotation, and revocation of encryption keys without the logistical complexity and cost of a KIF. Index's proprietary PIN pad applications enable secure key rotation based on configurable parameters like time and transaction count. Keys at the end of their life can be replaced with a remote update — no shipping or downtime.
Index's core solution — Index Semi-Integrated Payments and Hosted Gateway — provides retailers with turnkey P2PE, EMV with Quick Chip, and processing flexibility. By routing payment data directly from an Ingenico or Verifone PIN pad to the processor, Index removes the POS from the critical path to eliminate potential points of compromise. As a PCI Level 1 Gateway, Index provides a robust link from the POS to any payment processor including First Data, Vantiv, Chase Paymentech and Worldpay. Unlike traditional solutions that require retailers to manage a direct processor integration or an on-premise server, Index is a cloud-based, fault-tolerant solution that requires no on-premise hardware and significantly reduces compliance burdens for retailers.
"Holistic in-store security is critical for retailers and has always been at the foundation of our payment solution," said Jonathan Wall, Index co-founder and CTO. "Our semi-integrated payment architecture ensures cardholder data never passes through the POS, and Index P2PE provides industry-leading, layered protection to keep our retail partners and their customers safe from attacks."
Coalfire's independent technical assessment of Index P2PE included technical testing, an architectural assessment, industry analysis, and peer review. Coalfire conducted technical testing of the Index P2PE solution in both the Coalfire Labs, located in Westminster, Colorado, and the Index lab, located in San Francisco, California. This assessment included interviews with product subject matter experts, documentation review, POS installation, integration, transaction testing, device assessment, encryption and decryption validation, and forensic analysis of test systems and generated data.
A whitepaper describing how Index P2PE can be used to secure in-store transactions is available here.
To learn more about Index, visit www.index.com.
Index, based in San Francisco, is a leading retail software company that combines secure payments and personalized marketing to transform offline retail. Index provides a semi-integrated payments solution and fully hosted gateway for turnkey EMV, point-to-point encryption (P2PE) and processing flexibility. Its unique point-of-sale (POS) integration enables retailers to build an account for every shopper, unify customer profiles across channels, drive opt-in to deliver personalized marketing, and optimize every campaign.
Coalfire is the trusted leader in cybersecurity risk management and compliance services. Coalfire integrates advisory and technical assessments and recommendations to the corporate directors, executives, boards, and IT organizations for global brands and organizations in the technology, cloud, healthcare, retail, payments, and financial industries. Coalfire's approach addresses each business's specific vulnerability challenges, developing a long-term strategy to prevent security breaches and data theft. Coalfire has offices throughout the United States and Europe. www.Coalfire.com