Diff: FAQ #1163

Is a "P2PE Assessor" required for a merchant's PCI DSS assessment if the merchant uses a Council-listed P2PE solution?

No, merchants using PCI-listed P2PE solutions are not required to engage a P2PE assessor [that is, a QSA (P2PE) or PA-QSA (P2PE)] for their PCI DSS assessments.

Merchants using Council-listed P2PE solutions will continue to validate their PCI DSS compliance as determined by the payment brand compliance programs. For example, a merchant may need to engage a QSA to perform an onsite assessment, or they may be eligible to complete a self-assessment questionnaire (SAQ). Merchants should contact their acquirer (merchant bank) or payment brand(s) directly to understand their PCI DSS validation requirements. See FAQ 1142 for information regarding contacting the payment brands.

Merchants wishing to engage a QSA for their PCI DSS review can find a list of QSAs on the PCI Council website - https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.