PCI Security Standards Council's Validated Point-To-Point Encryption Available Now
European Payment Services (EPS) is the first company to have a solution listed
NICE, France, 30 October 2013 — At its 2013 European Community Meeting today the PCI Security Standards Council (PCI SSC), an open, global forum for the development of payment card security standards, announced the availability of its Validated Point-to Point Encryption (P2PE) solutions listing on the PCI SSC website. This is the official PCI SSC resource for merchants and acquirers looking to deploy a P2PE solution to help simplify their PCI DSS security programs by removing clear-text cardholder data from the payment environment.
European Payment Services (EPS) is the first company to have a solution listed – its EPS Total Care P2PE solution was validated by P2PE assessor SecurityMetrics, Inc. A number of other solutions validated by P2PE assessors are under review, and once approved by the Council will be added to the listing, available at:
More Security Insights
- Forrester Study: The Total Economic Impact of VMware View
- Securing Executives and Highly Sensitive Documents of Corporations Globally
- Top Big Data Security Tips and Ultimate Protection for Enterprise Data
- Smarter Process: Five Ways to Make Your Day-to-Day Operations Better, Faster and More Measurable
The PCI Validated P2PE Solutions listing is the next step in the rollout of the Council’s P2PEprogram. Developed by input and feedback from the Council’s global stakeholders, the program provides a method for vendors to validate their P2PE solutions and applications, and for merchants to reduce the scope of their PCI DSS assessments by implementing a validated and PCI-listed P2PE solution for accepting and processing payment card data.
“The building blocks of a strong security program are people, processes and technology. With this new solutions listing, we’re glad that merchants and others can now take advantage of PCI SSC-listed P2PE technology in their payment security efforts,” said Bob Russo, general manager, PCI SSC.
To qualify for validation and listing on the Council’s website, a P2PE solution must comply with the PCI SSC P2PE Standard, encrypting cardholder data from the point where a merchant device accepts the payment card (for example, at the point of swipe or dip) to the point where the third-party payment processor or acquirer decrypts the data for processing.
“The use of point-to-point encryption technology to simplify PCI DSS security has been of great interest to our community, and especially here in Europe, with a number of our European stakeholders actively involved in the development of the P2PE program,” said Jeremy King, European director, PCI SSC. “We’re pleased to be able to announce this new resource at our 2013 Community Meeting in France, where we know merchants are eager to take advantage of this technology for securing their payment data.”
About the PCI Security Standards Council
The PCI Security Standards Council is an open global forum that is responsible for the development, management, education, and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security. Founded in 2006 by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., the Council has more than 650 Participating Organizations, representing merchants, banks, processors and vendors worldwide. To learn more about playing a part in securing payment card data globally, please visit: pcisecuritystandards.org.