News Regarding Point-to-Point Encryption (P2PE)
It’s important to carry out self-assessments of your company and business plan, especially when it comes to credit card processing services. The PCI Security Council just released one in late June that may help merchants using point-to-point encryption, or P2PE, gain a little leniency with regard to their PCI compliance. If you are a merchant using P2PE, you can review the revised program guide and the self-assessment questionnaire (SAQ) at www.pcisecuritystandards.org.
Currently, PCI requirements become a little easier to abide by only if you meet very specific standards outlined by the PCI Security Council. The restrictions were detailed by the PCI SSC and are as follows:
• Merchant may ONLY process transactions using a PCI Security Council approved P2PE solution.
• Merchant must confirm that they are using a validated P2PE solution listed on the Council’s website.
• Merchant must confirm that they have found and removed any legacy cardholder data from all systems.
• The P2PE solution must be implemented according to the provider’s P2PE Implementation Manual (PIM).
You can view a very detailed outline of what is necessary and what you need to know here.
The SAQ itself is very simple and comprises only 18 questions. It will help you clarify whether or not you meet the strict guidelines the PCI SSC has set forth for merchant account services. Although most merchants will probably not meet these guidelines for the moment, this is a step in the right direction for all merchants. Hopefully, all of those merchants using P2PE will be rewarded for their efforts in the very near future.