At its 2013 European Community Meeting, the PCI Security Standards Council (PCI SSC), an open, global forum for the development of payment card security standards, announced the availability of its Validated Point-to Point Encryption (P2PE) solutions listing on the PCI SSC Website.
This is the official PCI SSC resource for merchants and acquirers looking to deploy a P2PE solution to help simplify their PCI DSS security programs by removing clear-text cardholder data from the payment environment.
European Payment Services (EPS) is the first company to have a solution listed—its EPS Total Care P2PE solution was validated by P2PE assessor SecurityMetrics Inc. A number of other solutions validated by P2PE assessors are under review, and once approved by the Council will be added to the listing, available at: https://www.pcisecuritystandards.org/approved_companies_providers/validated_p2pe_solutions.php.
The PCI Validated P2PE Solutions listing is the next step in the rollout of the Council’s P2PE program. Developed by input and feedback from the Council’s global stakeholders, the program provides a method for vendors to validate their P2PE solutions and applications, and for merchants to reduce the scope of their PCI DSS assessments by implementing a validated and PCI-listed P2PE solution for accepting and processing payment card data.
“The building blocks of a strong security program are people, processes and technology. With this new solutions listing, we’re glad that merchants and others can now take advantage of PCI SSC-listed P2PE technology in their payment security efforts,” said Bob Russo, general manager, PCI SSC.
To qualify for validation and listing on the Council’s Website, a P2PE solution must comply with the PCI SSC P2PE Standard, encrypting cardholder data from the point where a merchant device accepts the payment card (for example, at the point of swipe or dip) to the point where the third-party payment processor or acquirer decrypts the data for processing.
“The use of point-to-point encryption technology to simplify PCI DSS security has been of great interest to our community, and especially here in Europe, with a number of our European stakeholders actively involved in the development of the P2PE program,” said Jeremy King, European director, PCI SSC. “We’re pleased to be able to announce this new resource at our 2013 Community Meeting in France, where we know merchants are eager to take advantage of this technology for securing their payment data.”
For more information about the PCI SSC P2PE program, please visit the PCI SSC Website or contact: [email protected].