EMV/Pin-based transactions, P2PE encryption, Mobile POS
Multiple card data breaches in the retail industry demonstrate the importance of payment application security. Existing magnetic stripe data (MSD) card payment technology, which was created several decades ago, is highly vulnerable by design. In order to protect cardholder data, many merchants follow Payment Card Industry Data Security Standards (PCI DSS
). However, security controls prescribed by PCI DSS are not effective in many situations. Extra measures, such as encrypting the sensitive card data “end to end,” are required in order to provide an adequate level of security and protect the payment transactions from fraud. The HP
SkyWire and HP solutions enable hardware encryption of sensitive cardholder data at the entry point which allows merchants to implement a point-to-point encryption (P2PE
SkyWire Mobile POS solution with the HP MX10
The MX10 POS solution consists of two major parts: The ElitePad Windows tablet and the HP Retail Jacket. A Magnetic Stripe Reader (MSR) device is mounted into the HP Retail Jacket and connected to the HP ElitePad via an internal USB connector when the Retail Jacket is attached to the ElitePad. The connection is transparent from an application point of view, so the MSR can be accessed by SkyWire POS software using standard methods just like regular MSR devices. Payment applications communicate with the MSR using OPOS, JPOS, POS for. NET, or direct USB command interface.
Payment transactions requiring customer PIN entry, such as MSD debit PIN or EMV Chip & PIN, can be processed using external PED (PIN entry device). PED can communicate with the HP ElitePad using a wireless connection (Bluetooth or Wi-Fi). Another option is using the USB port located on the HP Retail Jacket. Figure 5 shows the HP Mobile POS with Ingenico iCMP; however, virtually any pin pad device supporting standard communication protocols can be used with the HP Mobile POS to process PIN-based transactions.