
Security & Fraud Risk

Storing, processing and transmitting card data comes with risks. Our hosted services help you take card payments without taking card data, reducing your liability and PCI DSS scope.

P2PE

Point-to-Point Encryption (P2PE) is the latest payment technology for which the PCI Council has released a standard. By implementing a validated P2PE solution, a merchant can simplify PCI compliance by eliminating clear-text cardholder data from their environment and reducing the scope of PCI DSS requirements.

Encryption keys are securely injected into the payment terminal, so when a card is inserted or swiped, the card details are automatically encrypted. They are not decrypted until they reach the payment service provider, allowing you to eliminate many Qualified Security Assessor (QSA) costs and enhance your security to further reduce breach risks.


You can view our P2PE listings below; simply search for the company name “PXP Solutions Ltd”.

Application Listing
Solution Listing

Format Preserving Tokenisation

Our sophisticated but easy-to-use tokenisation solution can greatly improve your customer experience by allowing you to recall previous card transactions securely across all channels without storing the card data yourself. This makes refunds and recharges easy across any sales channel your customer wishes to use. PXP creates tokens using Format Preserving Encryption (FPE) so that existing business applications and databases that would have stored card numbers do not have to be modified to store the tokens. FPE is applied to PAN data to generate a substitute value that passes the Luhn check and a PCI scan.
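
The following added example (not PXP's algorithm or code) illustrates the format-preserving idea described above: a keyed permutation over the PAN's digits, with the Luhn check digit recomputed so the token has the same length as the PAN and passes the Luhn check. A simple HMAC-based Feistel network stands in here for a standardised FPE mode such as NIST FF1; the round count, key, sample PAN and all function names are assumptions.

```python
import hashlib
import hmac

ROUNDS = 8  # constructed choice for this stand-in cipher
DEMO_KEY = b"constructed-demo-key"  # constructed sample key, not a real secret
DEMO_PAN = "4111111111111111"  # widely published test card number

def luhn_check_digit(payload: str) -> str:
    """Return the digit that makes payload + digit pass the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return number.isdigit() and len(number) > 1 and luhn_check_digit(number[:-1]) == number[-1]

def _prf(key: bytes, rnd: int, value: int, modulus: int) -> int:
    # Keyed round function: HMAC-SHA256 reduced into the target half's range.
    mac = hmac.new(key, f"{rnd}:{value}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % modulus

def _feistel(key: bytes, digits: str, decrypt: bool) -> str:
    # Unbalanced Feistel network over decimal digits; output length == input length.
    u = len(digits) // 2
    v = len(digits) - u
    left, right = int(digits[:u]), int(digits[u:])
    sign = -1 if decrypt else 1
    for r in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        if r % 2 == 0:
            left = (left + sign * _prf(key, r, right, 10**u)) % 10**u
        else:
            right = (right + sign * _prf(key, r, left, 10**v)) % 10**v
    return f"{left:0{u}d}{right:0{v}d}"

def tokenize(key: bytes, pan: str) -> str:
    if not (12 <= len(pan) <= 19 and luhn_valid(pan)):
        raise ValueError("PAN must be 12-19 digits and pass the Luhn check")
    body = _feistel(key, pan[:-1], decrypt=False)
    return body + luhn_check_digit(body)  # same length as the PAN, Luhn-valid

def detokenize(key: bytes, token: str) -> str:
    if not (12 <= len(token) <= 19 and luhn_valid(token)):
        raise ValueError("token must be 12-19 digits and pass the Luhn check")
    body = _feistel(key, token[:-1], decrypt=True)
    return body + luhn_check_digit(body)  # restores the original check digit
```

Because the token is a digit string of the same length that passes the Luhn check, it fits an existing card-number column unchanged; a different key yields a different token for the same PAN.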

Payment Card Industry – Data Security Standard

PCI level I
PCI DSS compliance is a mandatory requirement for any business that handles and stores cardholder payment data and is assessed on an annual basis. To view our PCI DSS Level 1 and PA-DSS compliant listings, visit:

Visa
PXP PCI Certificate

PXP is audited by Foregenix, an independent, specialised information security business, headquartered in the United Kingdom, with a global service delivery capability. Foregenix provides specialist services relating to PCI DSS, PA DSS, Forensic Investigations, Penetration Testing and Security Consulting. For more information, please visit Foregenix.

GDPR

At PXP Solutions we take information security very seriously. As a payment service provider we are required to meet the exacting standards of the PCI DSS, and as a level one payment service provider, we have extensive third-party security testing and onsite auditing throughout the year to ensure we are fully protected against the current threat landscape.

The new GDPR has put a slightly different perspective on the controls and governance procedure we already have in place. Because of this, PXP Solutions have decided to incorporate the IASME audit and certification process as a means of providing our customers with the additional assurance that all their data, not only the credit card data, is protected to the highest possible standards, and complies with the GDPR.

To demonstrate our compliance with the GDPR, PXP Solutions have completed the IASME Governance assessment. Successful completion of the IASME Governance assessment demonstrates adherence to industry best practices for Information Technology Governance and Information Security Management and addresses the specific requirements mandated by the GDPR. To view our IASME listing showing Cyber Essentials, IASME and GDPR certification, please visit the IASME site: www.iasme.co.uk/certified-organisations

IASME Certificate of Assurance

Cyber Essentials Certificate of Assurance

SOC 2 TYPE II

PXP Solutions also have a successful Service Organisation Control (SOC) 2 Type II report providing our merchants with the added assurance that our systems are designed, implemented and operated to the very highest standards. The SOC 2 Type II report is produced by an American Institute of Certified Public Accountants security auditing company following a rigorous audit covering the trust services criteria of security, availability, processing integrity and confidentiality.

Certificate of Completion
