Is a "P2PE Assessor" required for a merchant's PCI DSS assessment if the merchant uses a Council-listed P2PE solution?
No, merchants using P2PE solutions are not required to engage a P2PE assessor [that is, a QSA (P2PE) or PA-QSA (P2PE)] for their PCI DSS assessments.
Merchants using Council-listed P2PE solutions will continue to validate their PCI DSS compliance as determined by the payment brand compliance programs. For example, a merchant may need to engage a QSA to perform an onsite assessment, or they may be eligible to complete a self-assessment questionnaire (SAQ). Merchants should contact their acquirer (merchant bank) or payment brand directly to understand their validation requirements. Merchants wishing to engage a QSA for their PCI DSS review can find a list of QSAs on the Council website - https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php