2. What is P2PE?
Point-to-Point Encryption
A security methodology designed to encrypt cardholder data immediately upon capture, whether by chip read, swipe, tap, or keyed entry, within a secure point-of-interaction.
Data from transactions processed with a PCI-validated P2PE solution isn’t decipherable to anyone who might steal it during the transaction process and thus lacks value for thieves.
5. Who developed the standards?
Payment Card Industry (PCI) Security Standards Council (SSC)
What is the standard?
The stringent PCI SSC Point-to-Point Encryption (P2PE) Standard version 2.0 was developed to establish security standards for payment device chain of custody and payment card data in transit.
Who validates the solution?
Independent PCI P2PE Qualified Security Assessor (QSA) and Payment Card Industry (PCI) Security Standards Council (SSC)
6. PCI DSS vs P2PE
PCI DSS is the basic standard for payment security.
P2PE is the highest form of payment encryption security available.
If payment security were cars, PCI DSS would be the basic sedan and P2PE would be the armored tank.
7. PCI DSS
The PCI DSS framework is a list of technical, physical, and process controls that are required to address security threats that could compromise cardholder data within the merchant environment.
P2PE
Validated P2PE solutions have strict guidelines to drastically reduce the risk of tampering, including special packaging and tracking the device through a secure chain of custody throughout shipment, starting from the terminal key injection facility, to the terminal provisioning by the solution provider, and to the delivery/receiving point of the device’s end-user organization.
8. Device Integrity
Also referred to as "chain-of-custody", stringent processes extend to the integrity of all devices throughout their life to ensure the device has not been tampered with.