At its 2013 European Community Meeting today the PCI Security Standards Council (PCI SSC), an open, global forum for the development of payment card security standards, announced the availability of its Validated Point-to Point Encryption (P2PE) solutions listing on the PCI SSC website. This is the official PCI SSC resource for merchants and acquirers looking to deploy a P2PE solution to help simplify their PCI DSS security programs by removing clear-text cardholder data from the payment environment.
European Payment Services (EPS) is the first company to have a solution listed – its EPS Total Care P2PE solution was validated by P2PE assessor SecurityMetrics, Inc. A number of other solutions validated by P2PE assessors are under review, and once approved by the Council will be added to the listing, available here.
The PCI Validated P2PE Solutions listing is the next step in the rollout of the Council’s P2PE program. Developed by input and feedback from the Council’s global stakeholders, the program provides a method for vendors to validate their P2PE solutions and applications, and for merchants to reduce the scope of their PCI DSS assessments by implementing a validated and PCI-listed P2PE solution for accepting and processing payment card data.
To qualify for validation and listing on the Council’s website, a P2PE solution must comply with the PCI SSC P2PE Standard, encrypting cardholder data from the point where a merchant device accepts the payment card (for example, at the point of swipe or dip) to the point where the third-party payment processor or acquirer decrypts the data for processing.