The PCI Security Standards Council (PCI SSC) recently issued an updated set of requirements for point-to-point encryption (P2PE) solution providers to implement hardware-based solutions for merchants. The update also includes additional testing procedures to ensure devices meet minimum security requirements.
This latest update by the PCI SCC shows a growing trend toward clarifying and strengthening security standards in many industries. Though the current P2PE program is voluntary, with no plans to wrap it into PCI DSS, the Council is being proactive in providing security resources for merchants and solution providers.
Bob Russo, general manager for PCI SSC, says:
"With these updated P2PE requirements and program in place to assess and validate these solutions securely, we’re one step closer to helping merchants take advantage of this technology to simplify PCI DSS validation efforts and mitigate potential breaches."