POS Portal

P2PE Hardware Solution by POS Portall


Let us help you navigate P2PE

P2PE? PCI Compliance? Domain 6 Validation?
We’ll help you make it a cake walk.

POS Portal can provide a truly complete end-to-end solution for Processors, Gateways, or merchant acquirers when it comes to the mandated validation of point-to-point encryption (P2PE), PCI Compliance, and Domain 6 regulations.



Chain of Custody

POS Portal maintains a complete Chain of Custody from Receipt into our facility to Deployment of the POI’s to our customers. The Chain of Custody is recorded at the serial number level meaning each device can be audited and tracked throughout the process. POS Portal makes these records available through our REST API so that our clients can utilize them in their own solution.

Audited by Coalfire

Coalfire is a global leader in cyber risk management and compliance services with over 15 years of experience. Designed to meet the needs of every organization regardless of size, Coalfire’s services address all PCI DSS requirements, including security management, policies, procedures, network architecture, software design and other critical protective measures.

Tamper Evident Packaging

POS Portal has built systems to track the chain of custody and has invested in systematic and physical controls including tamper-evident packaging to secure fully configured devices to the merchant’s door. The merchant can verify that POS Portal has a tamper bag associated with a serialized device.

P2PE Key Generation

POS Portal can generate the encrypted key for each PTS device family in accordance with PCI Requirements. More important, POS Portal is the leading industry provider authorized for P2PE with every major processor in the United States.

Order Accuracy

POS Portal prides itself on securely encrypting all of our devices accurately. POS Portal has made multiple systematic updates to ensure orders adhere to the strict standards. This includes utilizing Modern Device Configuration to ensure that P2PE orders are properly flagged, inventory is tracked, configuration is accurate and all orders are systematically validated in QA.

Annual Reporting

POS Portal provides annual reporting to the Solution Provider in compliance with PCI P2PE requirements. While the aggregate data is also available through the REST API, the POS Portal Compliance Manager will provide formal Annual Reporting per the PCI P2PE V2 Requirements.

Data Availability for Solution

POS Portal makes transactional data available for Solution Providers to utilize through our REST API. This additional data includes, but is not limited to:

  • Order Number
  • Device Serial Number
  • Tamper Evident Bag Serial Number
  • Ship Date/Time
  • Chain of Custody Records

Bi-Coastal State of the Art Facilities

POS Portal has validated both our East and West coast facilities to adhere to strict industry standards.

Our facilities are maintained to protect devices and sensitive equipment 24/7 with dual access door control, camera surveillance and limited personnel access.


P2PE Overview

Through a combination of secure devices, applications, and processes, businesses can encrypt data directly from the point of interaction to the P2PE solution provider’s secure decryption environment. This means the data isn’t decipherable to anyone who might steal it during the transaction process, and thus lacks value for thieves.

POS Portal has already begun working with leading Solution Providers to implement end-to-end programs that will ensure the fastest possible delivery of P2PE certified devices direct to merchants. With the certification of its key injection facilities by the PCI Security Standards Council, POS Portal offers a streamlined, cost-effective way for Solution Providers to reduce audit scope and access real-time chain of custody information.


Key Injection Facilities

We have two P2PE validated Key Injection Facilities (KIF) which means that as a component provider we are validated to configure and deploy secure payment devices on behalf of anyone bringing a solution to market.

How can POS Portal Help?

POS portal has been in the Key management and encryption business for over 16 years. We have one of the nations largest cryptographic key libraries. And we currently create and manage keys for most of the nations largest processors, gateways and POS developers. For any solution provider looking to implement P2PE we make it easy.



You must be a Solution Provider with a validated P2PE solution or in the process of becoming P2PE certified and looking for a P2PE certified KIF.


Every client has a unique set of needs, therefore every solution is just as unique. Please contact us using the link below and a Portal Secure representative will work with you to fully understand your needs and provide pricing that best fits your individual requirements.


Ordering Process

1. Use POS Portal’s REST API to seamlessly enter orders through your company’s own proprietary system.


2. Use POS Portal’s Salesforce Integration, either within your own SFDC org or one that POS Portal provisions.


The Domain 6 Validation Requirements are a combination of warehouse processes and system updates that ensure devices used for P2PE have not been tampered with in any way. “Chain of Custody” refers to required historical information that tracks who has handled a device (when and where) throughout its life—from the point of its arrival to a distribution facility to its confirmed receipt by an authorized merchant representative.

POS Portal can provide end-to-end solutions for Processors, Gateways, or merchant acquirers when it comes to every Domain 6 requirement. We also meet every requirement issued by the PCI Council for P2PE validation. Specifically, POS Portal solves for all six requirements mandated by Domain 6.

POSPortal P2PE Chain of Custody Circle


Do you need to chat with sales or service?