The PCI Council has published P2PE (point-to-point encryption) v3.0 and its supporting programs. P2PE aims to help merchants protect customer payment card data.
The P2PE standard cryptographically protects account data from the point where the merchant accepts the payment to the secure point of decryption. By implementing a P2PE solution, merchants ensure that cardholder data and sensitive authentication data are unreadable until they reach the decryption environment.
P2PE Standard and Program
PCI P2PE v3.0 maintains the same security standards as v2.0 while updating “the P2PE Standard in terms of adding clarity, providing additional guidance, making errata changes, resolving ambiguity, as well as restructuring the Standard to eliminate redundancy and improve its overall readability.”
The P2PE solution was introduced in 2015; version 3.0 maintains the same security standard for protecting payment data as version 2.0.
The key updates focus on the validation program and add more flexibility for P2PE solution providers:
- P2PE v3.0 adds more flexibility and opens the door to more PCI-validated P2PE solutions by introducing four additional components.
- The change allows more outsourcing by solution and component providers, which will make more PCI P2PE Solutions available to merchants.
Implementing “a PCI P2PE Solution can also allow merchants to reduce where and how the PCI DSS applies within their retail environment, increasing the security of customer data while simplifying compliance with the PCI DSS.”
The P2PE Instruction Manual (PIM) provides guidelines to solution providers for their merchant customers to effectively and securely manage their encryption environments.
“Driven by industry feedback given during an extensive request for comments (RFC) process, the program changes in version 3.0 will streamline the assessment process and provide more flexibility for component and solution providers,” said PCI SSC Vice President, Global Head of Programs Gill Woodcock.