The PCI Security Standards Council (PCI SSC) published a minor revision to the PCI Point-to-Point Encryption (P2PE) Standard. The PCI P2PE Standard provides a comprehensive set of security requirements for the validation of PCI P2PE solutions to protect payment card data via encryption. PCI P2PE v3.1 includes clarifications and updates previously released via bulletins and incorporates stakeholder feedback received via a formal request for comment period.
“The PCI SSC is always evolving our standards to better meet the needs of the changing payments industry,” says Emma Sutcliffe, SVP, Standards Officer at PCI SSC. “These incremental changes align with current industry feedback and incorporate changes made recently to the PCI PIN Standard.”
PCI P2PE version 3.1 maintains the same approach to security as version 3.0. Revisions include clarifications and updates previously released via technical FAQs and bulletins, corrections to proofing errors, and responses to stakeholder comments. These changes are outlined in a PCI SSC blog post and Summary of Changes document on the PCI SSC website.
“PCI P2PE Solutions help merchants protect their customer’s cardholder data by encrypting at the earliest point of acceptance. This renders card data unreadable to attackers, even when the environment may have been compromised,” says Troy Leach, SVP Engagement Officer of PCI SSC. “Merchants should talk with their acquirer or financial partner about selecting and using a PCI P2PE solution.”
Version v3.1 of the PCI P2PE Standard and P-ROVs, and the Summary of Changes from P2PE v3.0 to P2PE v3.1, are available in the Document Library on the PCI SSC website. View the PCI Perspectives blog post for additional information about the P2PE v3.1 Standard.