December 1, 2015
Dara Security Assesses True P2PE™
At Shift4, we value our customers’ payment data security above all else. Every product and technology we provide was created knowing that data breaches and fraud are real threats that can happen to anyone at any time. With that in mind, we want to make sure that all of our payment solutions are as secure as possible. Recently, we approached Dara Security, an award-winning information security services firm and PCI Qualified Security Assessor (QSA), about performing an in-depth technical assessment of the performance and security of our point-to-point encryption (P2PE) solution, True P2PE™.
Dara Security found that Shift4’s method of cardholder data encryption “provides the same risk and scope reduction as that of a validated P2PE solution.” True P2PE is not a PCI 2.0 validated solution simply because we don’t use hardware security modules (HSMs) to decrypt cardholder data. Instead, we have “invented key management methods where whole Data Decryption Keys are never written to disk, even in encrypted form.”
- Dara Security Assessment
At Shift4, we will always choose a high level of security for our merchant customers over a simple PCI checklist. Some companies might think checking boxes is good enough, but unfortunately it doesn’t always equate to real-world security. We believe in Security Beyond Compliance®.
You can read Dara Security’s full assessment here.