The Point-to-Point Encryption Standard (PCI P2PE) is the youngest of the PCI standards. It was initially released in 2012 to help merchants with a large network of branches along the way to a successful PCI DSS certification by using a PCI P2PE solution. The standard ensures that cardholder data from the input point (typically a POS terminal) to the end point (the service provider’s or network operator’s processing system) is encrypted in a way that transmission paths and the components used along have no further part in the merchant’s PCI compliance.

The operator of a PCI P2PE solution is called Solution Provider. He is responsible for the proper operation and validation of the overall solution. The solution provider ensures that the current POI devices are used and managed in the field according to the defined acceptance criteria. From the central site, the solution provider ensures that the correct hardware security modules are used to ensure a flawless and secure decryption of the account data.

A prerequisite for the validation of a PCI P2PE solution is to be a PCI DSS compliant service provider. Additionally, the applications running on the POI devices must be validated against Domain 2 of the P2PE standard. The entire topic is relatively complex and the certification steps are interwoven to a certain extent.

In order to allow you to validate your solution successfully, we will gladly advise you in advance. It is extremely important for this standard to plan all certification steps in advance and to involve all stakeholders (terminal manufacturers, software vendors, key management entities, and field service) from the beginning of the project. This will help you to answer the following questions: Which steps should be carried out and when? Which components need to be validated and at what time in the project? What are favorable conditions for a successful P2PE certification? The answers to all of these questions cannot be found in a document because each solution is as individual as your own company. Our experience in such PCI P2PE projects allows us to be your partner and guide you on the road to a successful validation.

Useful Links

The P2PE Standard – catalogue of all requirements of the PCI P2PE standard

News for this Standard

1711, 2016

P2PE Payment Application

17.11.2016|Comments Off on P2PE Payment Application

Adsigo validates the first P2PE Payment Application In November Adsigo successfully validated the first P2PE Application of a leading terminal vendor. This payment application is now worldwide one [...]

2604, 2016

P2PE Component Provider

26.4.2016|Comments Off on P2PE Component Provider

Within the P2PE version 2 the new role of a P2PE Component Provider was introduced. A P2PE Component Provider provides partial P2PE services to a P2PE Solution Provider. These [...]

210, 2015

First german P2PE Solution Provider certified by Adsigo AG!

02.10.2015|Comments Off on First german P2PE Solution Provider certified by Adsigo AG!

In September 2015 Adsigo AG certified payment platform Paygate of Computop located in Bamberg, Germany. This platform is the first German and globally fourteenth P2PE solution listed on the [...]