All P2PE Solutions Are Not Created Equally
Security-minded ISVs, ISOs, and merchants know that P2PE is one of the most critical pieces of the puzzle in protecting an electronic payment transaction.
The ability to encrypt payment data at the point of transaction and decrypt it only when it reaches the intended recipient is very powerful. With the introduction of PCI-validated P2PE, the standard became even better.
PCI P2PE takes the good in P2PE and improves it by adhering to the latest and most stringent security protocols.
All aspects of the solution must undergo a rigorous examination by a special P2PE QSA. Once validated, the solution gets annual checkups, and a full re-assessment must happen every three years.
The arduous work of getting a P2PE solution PCI-validated pays off for the merchant, who can rest assured that their security is top-notch and benefit from a reduced PCI DSS scope.
Unfortunately, there’s a lot of confusion and misinformation in the marketplace about the role of P2PE and PCI P2PE in reducing or even eliminating a merchant’s PCI scope.
We recently put together a thorough guide that addresses the most common P2PE myths as well as questions you can ask your payment provider to cut through any ambiguity around the solutions you’re implementing.