PCI Watch

A Council-listed P2PE solution must use a PCI-approved point-of-interaction device (POI), which has been evaluated and approved via the PCI PTS program with SRED (secure reading and exchange of data) listed as a ?function provided? and with SRED enabled and active. PCI PTS v3.0 is the first version of the PTS Standard to include SRED. Devices assessed to PCI PTS 3.0 with SRED are eligible for use in a P2PE solution.
For PCI PED 2.0 devices, the PCI SSC announced at the 2011 Community Meeting that PCI PTS 2.0 devices can be submitted to PCI PTS testing laboratories for SRED approval. In support of the P2PE initiative, previously approved v2.0 devices have a twelve month window starting 1 January 2012 to undergo a delta evaluation against the SRED module, and if applicable, the Open Protocols module. As a delta evaluation, the v2.0 approved device may leverage requirements that it previously met in v2.0 where those requirements parallel SRED requirements. For example, the devices may utilize algorithms and key sizes allowed in v2.0 in lieu of those specified in SRED requirements. Similarly, v2.0 devices may utilize v2.0 attack potential calculations for SRED requirements previously addressed under v2.0.
PTS v2.0 devices ?upgraded? using encrypting card readers must meet not only SRED, but the applicable card reader requirements in the Core section (the same as is done for approving card readers under PTS POI v3.1). The expiration of v2.0 devices? approval will remain as April 2017.
A summary of the PTS versions and applicability is provided below:

Note: The term Hardware/* is used to indicate P2PE solutions that use a PCI-approved hardware-based encryption mechanism (PCI-approved POI using SRED). Hardware/* represents both Hardware/Hardware and Hardware/Hybrid types of P2PE solutions.