PCI Council Publishes Updated Standard for P2PE

July 2, 2015

PCI Council Publishes Updated Standard for P2PE This week, the Payment Card Industry Security Standards Council (PCI SSC) published an update to its standard for point-to-point encryption (P2PE) solutions. P2PE seeks to make any payment card information stolen using POS malware unreadable and, consequently, useless. PCI SSC said its Point-to-Point Encryption Solution Requirements and Testing Procedures Version 2.0 provides more flexibility to P2PE solution providers and merchants that want to implement a solution to secure data.

Before this current update, the PCI SSC Website listed only validated solutions and applications. The updated version includes a list of approved individual components providers can use to integrate into a solution. It applies to merchants that want to create their own solution, as well.

Troy Leach, CTO of the PCI SSC said: “With version 2.0 the Payment Card Industry Council is responding to market feedback to provide a simpler approach to validating solutions, while still maintaining a strong level of integrity in the validation process that will result in the most secure options for merchants.”