Security | Always | Everywhere


Security is Handpoint’s number one priority in every element of its design.

Handpoint has been a pioneer in securing payments during the (r)evolution to mobile and integrated payments. We built our platform from the bottom up with P2PE architecture in mind. The layers of our secure solution are designed to protect merchants and cardholders -- from the setup of the terminal, through every touchpoint of the transaction, on every day of the merchant lifecycle.

Activation & Deployment:

  • Handpoint terminals are protected by remote key injection and remote software injection. When a terminal ships, it cannot process a transaction. Only once a unique terminal is paired with a merchant’s unique POS will the terminal connect to Handpoint and download its unique configuration, the most up-to-date terminal software, and the specific encryption keys –- all with no merchant effort. ​
  • This clever remote key injection technology prevents man-in-the-middle attacks, while DUKPT key management processes ensures that encryption keys are unique per transaction.​

Transaction Processing:​

  • P2PE security on every card reader helps protect every EMV, NFC, or MSR transaction. This means that no vulnerable data is passed through a merchant's network or integrated software (POS) application. Handpoint was the world's first mPOS provider to receive the coveted PCI-P2PE validation for its payment application (software terminal). All data is always strongly encrypted, everywhere.​
  • Handpoint’s PCI-DSS certified platform is hosted on AWS for infinite scalability and uptime.​​
  • Chargebacks and fraud are significantly reduced with EMV & NFC acceptance.​​​
  • Fast and simple semi-integrated APIs eliminate sensitive data from POS systems AND eliminate your need to EMV certify POS software integrations. Our semi-integrated architecture means that the POS is completely out of scope from the EMV payment path. ​
  • Handpoint’s combined semi-integrated architecture and P2PE encryption eliminate any sensitive data from the POS environment, reducing both risks from hackers and PCI audit issues, plus delivering all the savings from chargebacks that an EMV card reader offers.​​
  • How does it work? The POS simply tells an amount to the Handpoint card reader, and the card reader does all the rest. Our P2PE payment application, hosted on the card reader, encrypts the entire message with DUKPT and 3DES from the first dip, tap, or swipe. The encrypted message is routed directly to our security service and gateway switch, utilizing PCI-mandated security protocols, and then sent to your processor for authorization. The corresponding authorization is sent back directly to the Handpoint card reader, which simply returns the authorization and receipt to the POS.​

Merchant Management: ​​

  • Handpoint’s unique secure key pairing process ensures that no one can swap out a terminal and route transactions fraudulently. If a terminal is tampered with, its encryption keys are immediately destroyed.​
  • Terminals are kept up-to-date with no merchant effort via remote terminal updates controlled by the acquirer.
  • Acquirers can see transaction data down to the terminal level is available in near real time​​​​
  • Lost or stolen terminals can be deactivated instantly with the click of a mouse in the cloud-hosted TMS.
  • And if you choose to cancel a merchant relationship, you can deactivate their processing in seconds.​​​

No matter where your merchants transact, Handpoint security is already there.​