Document Comparison
P2PE_At_a_Glance_v2.pdf
→
P2PE_At_a_Glance_v3.pdf
56% similar
2 → 2
Pages
1013 → 929
Words
11
Content Changes
Content Changes
11 content changes. 4 administrative changes (dates, page numbers) hidden.
Added
p. 1
PCI-approved POI (point of interaction) device w/SRED (secure reading and exchange of data) Secure Decryption Environment ENCRYPTED ACCOUNT DATA MERCHANT ENVIRONMENT Defining Elements of a P2PE Solution P2PE Solution: A PCI-listed point-to-point encryption solution includes a combination of secure devices, applications and processes that encrypt cardholder data from a PCI-approved point-of-interaction (POI) device through to a secure decryption environment.
A P2PE Solution can also leverage the flexibility of using PCI-listed Components for integration into their Solution. Using a PCI-listed P2PE Solution minimizes exposure of clear-text account data within the merchant environment, rendering the data unreadable between the PCI-approved POI device and the secure decryption environment.
All PCI-approved solutions, applications, and components are listed on the Council’s website. Validation is done by a PCI- qualified P2PE assessor.
• Offers a flexible solution for all stakeholders More Flexibility for Solution Providers and Merchants In response to the needs of P2PE community stakeholders, P2PE v3 brings …
A P2PE Solution can also leverage the flexibility of using PCI-listed Components for integration into their Solution. Using a PCI-listed P2PE Solution minimizes exposure of clear-text account data within the merchant environment, rendering the data unreadable between the PCI-approved POI device and the secure decryption environment.
All PCI-approved solutions, applications, and components are listed on the Council’s website. Validation is done by a PCI- qualified P2PE assessor.
• Offers a flexible solution for all stakeholders More Flexibility for Solution Providers and Merchants In response to the needs of P2PE community stakeholders, P2PE v3 brings …
Removed
p. 1
PCI-approved POI (point of interaction) device w/SRED (secure reading and exchange of data) P2PE Solution Provider ENCRYPTED ACCOUNT DATA MERCHANT ENVIRONMENT More Flexibility for Solution Providers and Merchants In response to the needs of P2PE community stakeholders, P2PE v2 brings more flexibility to solution providers
• and in particular, to companies that provide components for integration within P2PE solutions. Previously, the PCI Council’s website listed only validated P2PE solutions and P2PE applications; the listings will now include P2PE solution components, which are services that fulfill specific P2PE requirements. The listing of individual components makes it easier for a solution provider to be aware of and select validated components for integration. The same flexibility applies to merchants who are creating and managing their own P2PE solution.
With P2PE v2, large merchants can implement and manage their own P2PE solutions for their locations
• including implementation of requirements for separation between the merchant’s encryption environment …
• and in particular, to companies that provide components for integration within P2PE solutions. Previously, the PCI Council’s website listed only validated P2PE solutions and P2PE applications; the listings will now include P2PE solution components, which are services that fulfill specific P2PE requirements. The listing of individual components makes it easier for a solution provider to be aware of and select validated components for integration. The same flexibility applies to merchants who are creating and managing their own P2PE solution.
With P2PE v2, large merchants can implement and manage their own P2PE solutions for their locations
• including implementation of requirements for separation between the merchant’s encryption environment …
Modified
p. 1
• Simplifies compliance with
• Simplifies PCI DSS validation
Removed
p. 2
P2PE Solution: Consists of point-to-point encryption and decryption environments, their configuration and design, and any P2PE components used with these environments. Within the P2PE solution, account data is always entered directly into a PCI-approved POI device with secure reading and exchange of data (SRED) enabled. This approach minimizes exposure of clear-text account data, and protects against point-of-sale exploits such as “memory scraping” malware.
P2PE Component: A subset of P2PE services including encryption management, decryption management, and key injection, which are provided by a P2PE component provider and included in the P2PE component listing on the PCI website.
P2PE Component: A subset of P2PE services including encryption management, decryption management, and key injection, which are provided by a P2PE component provider and included in the P2PE component listing on the PCI website.
Modified
p. 2
P2PE Solution Provider: An entity, usually a third-party such as a processor, acquirer (merchant bank), or payment gateway, that designs, implements, and manages the P2PE solution. The solution provider may outsource certain responsibilities, but will always retain overall responsibility for the P2PE solution. With P2PE v2, merchants may also chose to act as their own solution provider by implementing a merchant-managed solution (MMS).
P2PE Solution Provider: An entity, usually a third-party such as a processor, acquirer (merchant bank), or payment gateway, that designs, implements, and manages the P2PE solution. The solution provider may outsource certain responsibilities, but will always retain overall responsibility for the P2PE solution.
Modified
p. 2
Benefits of P2PE for Merchants BETTER SECURITY Protects your customers’ data and your reputation.
Benefits of Using PCI-listed P2PE Solutions for Merchants BETTER SECURITY Protects your customers’ data and your reputation.
Modified
p. 2
PCI-listed P2PE Solutions provide the strongest encryption protection for your business. This means that your data is less valuable if stolen in a breach.
Modified
p. 2
SIMPLIFY VALIDATION Simplifies the PCI DSS validation effort.
Modified
p. 2
PCI-listed P2PE solutions reduce where and how PCI DSS requirements apply to your business. This saves you time and money on overall compliance efforts without sacrificing the security of your customers’ data.
PCI-listed P2PE solutions reduce the PCI DSS validation effort of a merchant’s cardholder data environment.
Modified
p. 2
• Merchants: Talk to your acquirer about selecting and using a PCI-listed P2PE v2 solution.
• Merchants: Talk to your acquirer about selecting and using a PCI-listed P2PE v3 solution.
Modified
p. 2
Use of P2PE v2 Solutions Please note that the release of P2PE v3 does not impact the validity or merchant use of PCI-listed solutions assessed to P2PE v2.