PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is archived content from PCI Security Standards Council bulletins, preserved for tracking changes over time.
View Original →

PCI Security Standards Council Bulletin: Implementation of P2PE Expired Listings

PDF






PCI Security Standards Council Bulletin:
Implementation of P2PE Expired Listings


2 September 2020

In accordance with P2PE Program Guide v3, PCI SSC will be introducing Expired Listings to the
PCI SSC website to transition P2PE Product Listings —P2PE Solutions, Components, and Applications—
that are overdue for annual revalidation or 3 -year reassessment by more than 180 calendar days to the
P2PE Expired Listing. P2PE Products that are on the P2PE Expired Listing are no longer considered
validated.

This change will be implemented 16 September 2020.

If the annual revalidation date or 3-year reassessment date is missed for a PCI-listed P2PE Product, the
Reassessment date on the listing turns orange for a period of 90 days. If the condition is not remediated
by the end of 90 days, the Reassessment date turns red for a period of 90 days. After a total of 180
calendar days without revalidation or reassessment, the P2PE Product will transition to the P2PE Expired
Listing.

While PCI SSC manages the P2PE Standard and supporting Program, each payment brand manages
their own compliance programs. We suggest consulting with the payment brands directly for assistance
understanding your compliance obligations.