The P2PE listing is meant to be the official PCI SSC resource for merchants and acquirers looking to deploy a P2PE solution to help simplify their PCI DSS security programs. To qualify for validation and listing on the Council’s website, a P2PE solution must comply with the PCI SSC P2PE Standard, encrypting cardholder data from the point where a merchant device accepts the payment card (for example, at the point of swipe or dip) to the point where the third-party payment processor or acquirer decrypts the data for processing.
So far, European Payment Services (EPS) is the first company to have a solution listed. The organization said at its 2013 European Community Meeting that the EPS Total Care P2PE solution was validated by P2PE assessor SecurityMetrics. PCI SSC also noted that a number of other solutions validated by P2PE assessors are under review, and once approved by the Council will be added to the listing.
“The building blocks of a strong security program are people, processes and technology,” said Bob Russo, general manager at PCI SSC, in a statement. “With this new solutions listing, we’re glad that merchants and others can now take advantage of PCI SSC-listed P2PE technology in their payment security efforts.”
Publishing the PCI Validated P2PE Solutions listing is the next step in the rollout of the Council’s P2PE program. Developed by input and feedback from PCI SSC’s global stakeholders, the program provides a method for vendors to validate their P2PE solutions and applications, and for merchants to reduce the scope of their PCI DSS assessments by implementing a validated and PCI-listed P2PE solution for accepting and processing payment card data.
“The use of point-to-point encryption technology to simplify PCI DSS security has been of great interest to our community, and especially here in Europe, with a number of our European stakeholders actively involved in the development of the P2PE program,” said Jeremy King, European director, PCI SSC. “We’re pleased to be able to announce this new resource at our 2013 Community Meeting in France, where we know merchants are eager to take advantage of this technology for securing their payment data.”