(Note the term "solution provider" below can be used interchangeably with "component provider," depending on the entity managing the POI devices.) Please refer to the latest P2PE glossary for …
Yes. However, while it may be possible for a PCI POI device to implement all the necessary functionality for use in a P2PE solution solely within its existing PTS-approved firmware, …
The P2PE Standard does not require applications solely used in a P2PE solution to be validated to PA-DSS. PA-DSS and P2PE are distinct PCI standards with separate requirements and programs, …
No. The Software-based PIN Entry on COTS (SPoC)? Standard, Contactless Payments on COTS (CPoC?) Standard and P2PE Standard are separate PCI SSC standards intended for unique use cases.
PCI-listed P2PE solutions (and applicable P2PE components) are allowed toreassess their existing PCI P2PE approval with expired PTS POI devices for up to, but not exceeding, 5 years past the …
A high-level summary of expiry dates for each version of the PTS POI Security Requirements is provided below. Full details can be found in the PCI PTS Device Testing and …
While PCI DSS does not require that PCI PTS-approved devices be used, some payment brands have their own requirements for using PTS-approved devices, including whether PTS devices with expired approvals …
No, PCI DSS Requirement 9.9 does not require devices to be fixed in place or physically attached to a surface. Requirement 9.9 and its three sub-requirements address three areas of …
PCI DSS Requirement 3.2 prohibits storage of sensitive authentication data (SAD), including card validation codes and values, after authorization even if the data is encrypted. Storage of card validation codes …