What is a P2PE solution provider?
The P2PE solution provider is a third-party entity (for example, a processor, acquirer, or payment gateway) that has overall responsibility for the design and implementation of a specific P2PE solution, …
Deleted FAQs
FAQs that have been removed from the PCI SSC website or have dead links.
For P2PE Requirement 3B-5, is it the responsibility of the solution provider to "push" patches to all affected POI devices, or is it sufficient for them to make it available for download and advise the merchant how to download and install the patches?
This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …
What is the purpose of the P2PE Program Guide v1.2 that was published in October 2015?
P2PE Program Guide v1.2 was updated October 2015 to align processes and listings with the evolving P2PE Program and is effective immediately for P2PE v1.1 assessments, superseding P2PE Program Guide …
Is there an exception to P2PE Requirement 3B-3.1 that a merchant cannot view full PAN, for those areas where there is a legal or regulatory obligation to print the full PAN on merchant receipts?
This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …
Are applications listed as Acceptable only for Pre-existing Deployments able to meet the current PA-DSS and PCI DSS?
Payment applications that are listed as Acceptable only for Pre-existing Deployments have previously been validated as meeting PA-DSS but the validation is no longer current. This may be due to …
Is it required that all of a company's sites, even those located in other countries, must be included in the company's PCI DSS review?
The PCI DSS is a global standard and is applicable to all entities that process, transmit or store cardholder data regardless of geographic location. Each payment brand manages their PCI …
What is a point-to-point encryption (P2PE) solution?
A point-to-point encryption (P2PE) solution is provided by a third party solution provider, and is a combination of secure devices, applications and processes that encrypt data from the point of …
Must SRED devices leave the deployment facility in an already-encrypting state? In lieu of this, can a solution provider use a tool or method to monitor and alert if any unencrypted transactions are received?
This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …
For how long are assessments of P2PE Solutions valid?
For PCI-listing purposes and providing all other program requirements continue to be met, P2PE v1.1 solutions are valid for 2 years whereas P2PE v2 solutions are valid for 3 years.
For P2PE Requirement 6E-4.1, testing procedures 6E-4.1.c and d specify unique POI keys'does this mean that unique public encryption keys must exist for each POI?
This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …