The PCI (Payment Card Industry) Security Standards Council, abbreviated PCI SSC, is an open global forum that has recently released an important security update. The update concerns one of its eight security standards. Its purpose is to simplify the development and use of Point-to-Point Encryption (P2PE) solutions. Such solutions make payment card data unreadable and less valuable to criminals if it is stolen in a breach. With this update, solution providers and companies that provide P2PE components will have more flexibility. It also concerns services that fulfill specific P2PE requirements and can be integrated into P2PE solutions.
The PCI Council will soon revise validated P2PE components in addition to validated P2PE solutions and applications. The aim is to make it easier for a solution provider to build a solution for its merchant customers. A new provision in P2PE version 2.0 makes it possible for merchants that carry out solution provider functions to manage and implement their own P2PE solutions for their own point-of-sale locations.
According to Troy Leach, PCI Security Standards Council Chief Technology Officer:
“Malware that captures and steals data at the point-of-sale continues to threaten businesses and their ability to protect consumers’ payment information. As these attacks become more sophisticated, it’s critical to find ways to devalue payment card data. PCI Point-to-Point Encryption solutions help merchants do this by encrypting cardholder data at the earliest point of acceptance, making that data less valuable to attackers even if compromised in a breach.”
A P2PE security solution can also let merchants control how and where the PCI Data Security Standard (PCI DSS) is applied within their sales environment. This increases the security of customer data and simplifies compliance with the PCI DSS.
P2PE v2 gives merchants even more options that reduce risk and protect customer data through encryption. They can manage their P2PE solutions manually according to their business needs, or they can use a solution provider that will manage a PCI P2PE solution. Managing a PCI P2PE solution includes securely separating duties, systems and functions between the merchant's encryption and decryption environments.
Read more about the P2PE Solution Requirements and Testing Procedures version 2.0.