PCI P2PE consulting for payment solution
Global Payments Europe is a global player with a complete portfolio of services for card issuers and merchant acquirers. GPE wants to adapt, grow and lead their customers into the future with technology-enabled, software-driven solutions. Recognized as the real expert, trusted and stable partner, the company issues 4.5 million cards and processes more than 1.3 billion transactions annually.
Global Payments Europe supports the unique ideas of its clients and therefore it is very flexible in customization of its services. The teams are ready to deliver a complete portfolio of services or only a single solution to their clients.
Having stabilized core processing platform GPE focusses on innovations which brings to the end customers new user experiences as identification of a customer via payment card, mobile payments or the usage of a standard payment card as a coupon in the public transport.
Service. Driven. Commerce
Customer Requirements
GPE needed to provide a secure payment terminal offering to one of the global players in the petrol segment. The customer required that the whole payment solution had to be P2PE compliant and validated. The delivery included application for the EFT payment terminals, Encryption Management Services and Key Management Services. The requested consulting services included:
- PCI P2PE scope delimitation
- GAP analysis to find the current state of the system with regards to the standard
- create policies and procedures that are aligned with the standard as well as to generate evidence for assessment
- assistance of 3Key consultant by the formal assessment
Delivery
3Key has a deep expertise in designing and operating PCI P2PE compliant systems. Therefore, GPE decided to engage 3Key to assist with the design and implementation of the project needed to achieve the PCI P2PE compliance and certification.
Payment service compliant with PCI P2PE standard is a comprehensive solution, however broken down into various components, which can be assessed independently by the P2PE assessor. In the case of this project the overall solution was split between the GPE and its customer (a major global petroleum company). 3Key first had to define the scope of the PCI P2PE components, which were part of the GPE scope. These then had to be assessed to define their status vis-a-vis the PCI P2PE standard. The result was documented in a GAP analysis and subsequent design of the security controls that were needed to comply with the standard. These security controls, policies and related procedures were designed in a close cooperation with the customer’s technical team and were overall tailored to the existing technical solution and resources. This way it was possible to achieve the delivery of PCI P2PE compliance in the most efficient way and save effort and resources on GPE side. Using experience from previous similar project, the designed controls and documentation enabled GPE to streamline the compliance assessment process. The customer representatives especially valued the cooperation by the presentation of the systems to the PCI assessor, where the experience and competence of the 3Key specialist proved invaluable.
Solution Benefits
- Scope definition and separation of the P2PE responsibilities between GPE and its customer
- Swift design and preparation of all technical controls
- Effortless preparation of the necessary documentation and policies
- Tailored solution for GPE for effective and efficient delivery of the PCI P2PE compliance
- Adjusting the project delivery timeline according to the needs and priorities of the customer
- Ongoing support by the PCI P2PE operation
Get in touch with us!
We would be happy to help you succeed!