Recent FAQ Changes RSS

No.

Please reference FAQ What effect does the use of a PCI-listed P2PE solution have on a merchant's PCI DSS validation? and Can merchants use encryption solutions not listed …

A Council-listed P2PE solution must use a PCI-approved point-of-interaction device (POI), which has been evaluated and approved via the PCI PTS program with SRED (secure reading and exchange of data) …

Generally, encrypted cardholder data stored at a third-party storage provider remains the responsibility of the storage provider's customer who is storing the data. However, determining which party is responsible for …

No, PCI PED 1.x devices are not eligible for SRED validation, and therefore cannot be used in a PCI P2PE solution.

No. While use of a validated, listed P2PE solution can help to reduce the scope of a merchant's cardholder data environment, it does not remove the need for PCI DSS …

The P2PE solution provider is a third-party entity (for example, a processor, acquirer, or payment gateway) that has overall responsibility for the design and implementation of a specific P2PE solution, …

A point-to-point encryption (P2PE) solution is provided by a third party solution provider, and is a combination of secure devices, applications and processes that encrypt data from the point of …

The PCI Point-to-Point Encryption (P2PE) Standard contains detailed security requirements and testing procedures for application vendors and providers of P2PE solutions to ensure that their solutions can meet the necessary …