Since October 2015 , when the Payment brands (Visa, MC, Amex, etc) shifted much liability for fraud to Merchants the terms:
EMV, P2PE, E2E, Semi-Integrated are all words thrown about and often confused.
There is overlap in a sense but these are really different issues any merchant should well understand for the security of their credit card handling.
EMV – Euro Mastercard Visa. A Chip card capable system. This offers superior protection than traditional swipes. Also if a Merchant is presented a Chip card but does not have the equipment to accept it, they can in many cases be found liable if there is fraud.
Also dishonest consumers often try to take advantage of the liability with what is called an EMV Chargeback. These are BILLIONS of dollars industry wise. A customer can rack up a bill, use a Chip card on your non-Chip aware POS and then dispute the charge. In almost all cases the bank will charge you back first and you have to fight to get your money back with documentation. This is a common scheme the last 2 years.
SEMI-INTEGRATED – These are the new standard devices that offer the security of a Stand Alone but still link to a Point-of-Sale System. You see them at many C-Stores and Walgreens/CVS/Etc.
The Point of Sale system requests authorization and gets back an answer, but the POS computer nor the software ever knows what that sensitive data was. This helps make a merchant “Out of Scope” for PCI and lessens the PCI Compliance barrier.
Additionally, Semi Integrated devices have some other benefits such as Apple Pay, Proximity reading for cards enabled, and they are customer facing which removes your cashier from handling sensitive data, another PCI bonus.
Almost every Semi Integrated Device is also EMV. Everyone Datapoint supports at least.
P2PE & E2E : These stand for Point to Point Encryption and End to End Encryption. The differences are a bit technical but what they do is add an extra layer of security whereby the message at the Semi Integrated Device not only does not go thru a POS or computer at the store, it can only be decrypted by the recipient with the proper key.
More and more Franchisors are demanding P2PE or else forcing their franchisees to Stand-Alones which are an operational nightmare in terms of accurate employee cash controls.
We STRONGLY recommend that any Merchant in this day and age be using a P2PE or E2E certified Semi-Integrated solution that supports EMV. This is the strongest protection offered in today’s technology while also providing the accountability to a POS system that a Stand-Alone device cannot.
Datapoint POS has a solution for every merchant processing provider out there. Some have not yet implemented their own solution and must be piggy backed on another solution for P2PE which can involve a cost on their part (not ours), but at the very least you should be using a Semi-Integrated EMV capable device, and most preferably one that is P2PE/E2E capable.
If you are interested please contact us so we can address your specific needs. firstname.lastname@example.org
David De Coursy, PCI Certified Professional, ETA Certified Payments Professional
DatapointPOS, a PCI-QIR certified company