FAQ #1161 Diff
What is the Point-to-Point Encryption (P2PE) Standard?
The PCI Point-to-Point Encryption (P2PE) Standard contains detailed security requirements and testing procedures for application vendors and providers of P2PE solutions to ensure that their solutions can meet the necessary requirements for the protection of payment card data.
As of April 2013, the Council has released two P2PE Standards to accommodate solutions using hardware-based encryption and either hardware-based or hybrid-based decryption. A high-level summary of the two Standards is provided below:
| P2PE Standard (Solution type) | P2PE Solution Characteristics | Description of Encryption mechanism | Description of Decryption mechanism |
| --- | --- | --- | --- |
| Hardware / Hardware | Encryption, Decryption, and Key Management within Secure Cryptographic Devices | Hardware: encryption of account data within a PCI-approved POI using SRED | Hardware: all decryption and key management within SCDs (HSMs) |
| Hardware / Hybrid | Encryption & Key Management within Secure Cryptographic Devices, and Decryption of Account Data in Software | Hardware: encryption of account data within a PCI-approved POI using SRED | Hybrid: decryption of account data in software with key management in SCDs (HSMs) |
Note: The term Hardware/* is used to indicate P2PE solutions that use a PCI-approved hardware-based encryption mechanism (PCI-approved POI using SRED). Hardware/* represents both Hardware/Hardware and Hardware/Hybrid types of P2PE solutions.
Subsequent releases of the P2PE program are planned and will address requirements for hybrid-based encryption, as well as scenarios where merchants manage their own P2PE solutions.
Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.