PCI Council Publishes Updated Standard for P2PE
July 2, 2015
This week, the Payment Card Industry Security Standards Council (PCI SSC) published an update to its standard for point-to-point encryption (P2PE) solutions. P2PE seeks to make any payment card information stolen using POS malware unreadable and, consequently, useless. PCI SSC said its Point-to-Point Encryption Solution Requirements and Testing Procedures Version 2.0 provides more flexibility to P2PE solution providers and merchants that want to implement a solution to secure data.
Before this current update, the PCI SSC Website listed only validated solutions and applications. The updated version includes a list of approved individual components providers can use to integrate into a solution. It applies to merchants that want to create their own solution, as well.
Troy Leach, CTO of the PCI SSC said: “With version 2.0 the Payment Card Industry Council is responding to market feedback to provide a simpler approach to validating solutions, while still maintaining a strong level of integrity in the validation process that will result in the most secure options for merchants.”