PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.
View Original →
FAQ #1160 Published

What is a point-to-point encryption (P2PE) solution?

A point-to-point encryption (P2PE) solution is provided by a third party solution provider, and is a combination of secure devices, applications and processes that encrypt data from the point of interaction (for example, at the point of swipe or dip) until the data reaches the solution provider?s secure decryption environment.

A PCI P2PE solution must include all of the following: - Secure encryption of payment card data at the point-of-interaction (POI) - P2PE-validated application(s) at the point-of-interaction - Secure management of encryption and decryption devices

  • Management of the decryption environment and all decrypted account data
  • Use of secure encryption methodologies and cryptographic key operations, including key generation, distribution, loading/injection, administration and usage.

Please refer to the P2PE Standard and P2PE Program Guide for further information.

View original on PCI SSC website View all versions Back to recent changes

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.