What is PCI Point-To-Point Encryption (P2PE)?
The PCI Point-To-Point Encryption (P2PE) standard applies to solution providers who wish to validate an end-to-end encryption solution for the protection of cardholder data (CHD), encrypted from the payment terminal through to the back-end processing environment, where CHD is decrypted and sent to the acquirer for authorisation.
P2PE Solution validation is not mandatory; however, P2PE validated solutions can offer significant de-scoping benefits to the merchant: because of the end-to-end encryption, connected Point of Sale systems and networks can be excluded from the merchant’s PCI DSS assessment scope.
To be eligible to undertake their PCI Data Security Standard (DSS) compliance assessment against the smaller number of PCI DSS requirements included in the Self-Assessment Questionnaire (SAQ) P2PE, merchants must implement one of the validated P2PE solutions listed on the PCI SSC website.
Therefore, solution providers are keen to validate and achieve PCI-listing for their end-to-end encryption solutions by taking their solution through the formal P2PE Assessment process. Such P2PE Assessments are comprehensive, involving many stakeholders in the end-to-end solution, including terminal vendors, software vendors, key-injection facilities, certificate/registration authorities, decryption service providers and more.
In addition to the assessment and validation of complete end-to-end P2PE Solutions, the P2PE Program also allows for the assessment and validation of individual P2PE Component services, such as encryption management, decryption management or key injection, as well as the assessment and validation of P2PE Applications against P2PE Domain 2.
Sysnet is a PCI P2PE Assessor Company (QSAC) whose consultants are qualified by the PCI SSC as QSA (P2PE) and PA-QSA (P2PE) and have extensive experience in delivering advice for development, remediation and assessment of P2PE solutions.
Sysnet is able to undertake not only complete P2PE Solution Assessments but also P2PE Component Assessments and P2PE Applications Assessments, as appropriate for your P2PE Product.
As Sysnet’s QSA (P2PE) and PA-QSA (P2PE) consultants are located across the globe, we are able to work with you, your providers and vendors to ensure your P2PE validation goals are achieved and can be sustained.