STRATEGIC PARTNERS
The council says that more flexible requirements for encryption products will make it easier for merchants to prevent payment card data theft.
July 10, 2015
The Payment Card Industry Security Standards Council has updated one of its eight security standards, simplifying the development and use of point-to-point encryption solutions that make payment card data unreadable and less valuable to criminals if stolen in a breach.
The updated standard is documented in PCI Point-to-Point Encryption Solution Requirements and Testing Procedures Version 2.0., a press release from the council said.
The update offers more flexibility to solution providers and to companies providing P2PE components that fulfill specific P2PE requirements and can be integrated into P2PE solutions.
The PCI Council will now list validated P2PE components in addition to solutions and applications, making it easier for providers to create solutions for their merchant customers.
Additionally merchants acting as solution providers can implement and manage their own P2PE solutions for point-of-sale locations (read P2PE V2 At a Glance).
Use of a PCI-approved P2PE solution can allow merchants to reduce where and how the PCI Data Security Standard applies within their retail environment, increasing security of customer data while simplifying PCI DSS compliance (read P2PE Merchant Guide).
"With version 2.0 the Payment Card Industry Council is responding to market feedback to provide a simpler approach to validating solutions, while still maintaining a strong level of integrity in the validation process that will result in the most secure options for merchants," PCI SSC CTO Troy Leach said in the release.
PCI Point-to-Point Encryption Solution Requirements and Testing Procedures Version 2.0 is available from the PCI SSC website. Materials include a summary of changes from P2PE version 1.1.1 to 2.0; the P2PE instruction manual template, and the P2PE glossary of terms, abbreviations, and acronyms version 2.0.
Information on PCI P2PE validated listings is available as well.
