PCI P2PE
Point-to-Point Encryption
The Point-to-Point Encryption (P2PE) standard defines a PCI DSS-compliant implementation for merchant environments in which card-present transactions are carried out with credit cards.
In the described implementation, payments are made exclusively via PCI PTS certified POS terminals. All critical transaction data is encrypted directly in the terminal and only decrypted again in a special backend system. The terminal infrastructure is provided by the P2PE solution provider, which also operates the PCI DSS validated backend system. In this scenario, the merchant does not have access to the critical transaction data. A merchant that joins the solution of a validated P2PE solution provider remains subject to PCI DSS in principle, but no longer has to implement it for its POS and business infrastructure.
In addition to complete solution provider certification, PCI P2PE also allows independent certification of payment applications on the POS terminal according to Domain 2 of PCI P2PE, as well as modular certification for individual domains, the so-called P2PE components. P2PE v2 defines the following P2PE components, each of which can be validated separately and officially listed by the PCI Security Standards Council (PCI SSC):
SRC offers consulting and know-how regarding the implementation of the P2PE standard as well as the design, implementation and evaluation of P2PE applications, P2PE solutions and P2PE components.
SRC’s P2PE services cover the complete P2PE life cycle, including the following services:
SRC is approved by the PCI SSC as Qualified Security Assessor Point to Point Encryption (QSA(P2PE)) and has a team of qualified employees with experience in both the payment card industry (PCI) standards and the POS terminal environment. These employees are authorized to conduct solution assessments (QSA(P2PE)) and application assessments (PA-QSA(P2PE)).
Furthermore, SRC is one of the few companies worldwide to have PCI SSC approval for evaluations according to PCI PTS and PCI P2PE. As POS terminals play a central role in every P2PE solution, SRC can provide comprehensive support and advice from the approval of POS terminals to the use of the terminal in P2PE solutions and the management of the terminals.