Latest changes to PCI SSC frequently asked questions.
In a hardware decryption environment, all decryption operations are performed only by PCI listed or FIPS approved HSMs.In a hybrid decryption environment, the decryption of account data is performed on …
SAQ P2PE is intended for SAQ-eligible merchants or merchant environments (as determined by the individual payment card brands), who process cardholder data only via PCI-approved point of interaction (POI) devices …
As of 12 December 2019, the latest version of the P2PE Standard is v3.0
P2PE v2.0 assessments will be accepted by the Council until 30 June 2021.
Currently …
A validated (as per the PCI P2PE Program Guide) P2PE solution/component must use a non-expired PCI-approved point-of-interaction (POI) device, which has been evaluated and approved via the PCI PTS program …
(Note the term "solution provider" below can be used interchangeably with "component provider," depending on the entity managing the POI devices.) Please refer to the latest P2PE glossary for …
Yes. However, while it may be possible for a PCI POI device to implement all the necessary functionality for use in a P2PE solution solely within its existing PTS-approved firmware, …
The P2PE Standard does not require applications solely used in a P2PE solution to be validated to PA-DSS. PA-DSS and P2PE are distinct PCI standards with separate requirements and programs, …
No. The Software-based PIN Entry on COTS (SPoC)? Standard, Contactless Payments on COTS (CPoC?) Standard and P2PE Standard are separate PCI SSC standards intended for unique use cases.
PCI-listed P2PE solutions (and applicable P2PE components) are allowed toreassess their existing PCI P2PE approval with expired PTS POI devices for up to, but not exceeding, 5 years past the …
A high-level summary of expiry dates for each version of the PTS POI Security Requirements is provided below. Full details can be found in the PCI PTS Device Testing and …
