The highest level in Global Security Standards – Secured System Operations

In 2020, HIT was certified as a “PCI P2PE Component Provider”.
This is a global Payment Card Industry Standard that provides the ability to manage and control encryption keys used for the transmission of credit card data in payment devices from the point of card contact straight through to the processor or bank.
This represents one of the highest standards in security, not only for its payment devices, but also for a secure facility, highly-trained security-aware staff and secure operations.
This in turn, also provides total security and safety at the customer level.

“PCI P2PE Component Provider” Certification

The Secured System Operation has Multi-Tiered features:

It starts with key injection into the “A920J” made by PAX Technology.

HIT setup a key injection service for the “A920J” Android mobile device made by PAX Technology in order to meet the growing customer demand to include business applications in addition to the payment platform.

Then we assist with the Omni-Channelization of Android Payment Devices.

With this service, merchants can take full advantage of the highly scalable capabilities of the Android OS, enabling smooth integration with non-payment platforms which until now, has been difficult to achieve with devices with a single payment function.

As a result, this system will greatly contribute the rapid development and acceptance of Omni-Channelized Android payment devices.

Android payment devices are very flexible in that they can provide not only the payment function, but also other business functions.

Thus more recently, Android payment devices are migrating away from a passive payment device to a proactive profit-maximizing solution with Omni-Channelized functions to make the most of Big Data.

Next we can efficiently install all applications and strengthen security levels.

With this service, encryption keys are injected directly into the payment devices.
Thus, it is not necessary for merchants to preinstall any payment applications that are unique for each payment service provider before deploying.

For example, merchants could first deploy payment terminals with Omni-Channelized applications instead of the payment applications. The payment applications can then be distributed at a later date.

Lastly, we have domestic control of the encryption keys which levies against overseas risks.

In the past, companies using payment terminals from foreign manufacturers had to also rely on the foreign manufacturers to provide encryption keys, request key injection, and connect to foreign servers or certificate authorities (CAs).

We have acquired P2PE certification in order to strengthen the security surrounding the encryption and key management processes for payment terminals, with the aim of not relying on foreign manufacturers, but rather to move the entire process in-house at our facility in Tokyo.

Thus by building a facility that can operate independently in Japan, we believe that Japanese customers will be able to use payment terminals with a greater peace of mind.

With the impact of the new coronavirus pandemic it is difficult to determine what policies are being implemented in each country, as well as it being difficult to predict the impact of information exposure that can occur overseas or network shut-downs.

Thus, it is important for Japanese businesses and merchants to mitigate risk by being prepared to avoid overseas uncertainties such as business service and supply chain disruptions.