SSC Gives P2PE an Upgrade

July 8, 2015 • Categories: Industry Topics

The PCI Council just released version 2.0 of the P2PE (Point-to-Point Encryption) Solution Requirements and Testing Procedures.

Quick background: P2PE is the process of encrypting a card number in the hardware at the time of the swipe and keeping it encrypted all the way to the card processor. The Council has a list of Validated P2PE Solutions. If your business uses one of these validated solutions, you can qualify for a reduced SAQ (35 questions) with no scanning or penetration testing.

The major changes I can see from reviewing the Council’s P2PE press release and “P2PE v2 At a Glance” documents are:

  1. The Council will now list validated P2PE Components on the Council website. They already list validated Solutions (whole systems that, when used, reduce the scope of the SAQ) and validated Applications (just the software system part of the solution). This additional list will make it easier for those wanting to build a validated P2PE Solution to find components.
  2. The Council now allows large merchants to build their own P2PE Solutions for use in their own locations. This will make it easier for large merchants to put together the pieces of a solution, which a Qualified Security Assessor (QSA) must then validate.

In summary, while the requirements themselves have not changed dramatically, these changes make it easier for more merchants to ultimately move to P2PE. This is a very good thing, given that P2PE drastically reduces the scope of compliance if implemented correctly.

Documents can be found here:

Press Release

P2PE V2 At a Glance

P2PE V2 for Merchants

P2PE Summary of Changes v1.1 to 2.0

P2PE Version 2.0 Full Standard
