Which version of the P2PE Standard should be used for a P2PE assessment?
The latest version of the PCI P2PE Standard is v3.1, September 2021.
Recent FAQ Changes RSS
Latest changes to PCI SSC frequently asked questions.
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
Which PCI PTS point-of-interaction (POI) devices can be used in a validated P2PE solution?
The PCI P2PE Standard and Program require the use of a PTS-approved (non-expired) point-of-interaction (POI) device, which has been evaluated and approved via the PCI PTS program with SRED (secure …
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
Is a "P2PE Assessor" required for a merchant's PCI DSS assessment if the merchant uses a Council-listed P2PE solution?
No, merchants using PCI-listed P2PE solutions are not required to engage a P2PE assessor [that is, a P2PE Assessor or P2PE Application Assessor] for their PCI DSS assessments. Merchants should …
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
Can a QSA that is not also a P2PE Assessor validate an encryption solution meets P2PE Requirements?
No. Only P2PE Assessors are qualified by the PCI Security Standards Council to evaluate P2PE Solutions, P2PE Components and P2PE Applications. Note that only a P2PE Assessor is qualified to …
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the PFI Final Report, with details of adequate evidence …