More Flexible Requirements for Encryption Products Make it Easier for Merchants to Better Protect Payment Card Data and Reduce Risk of Data Theft
WAKEFIELD, Mass., 30 June 2015 — Today the Payment Card Industry Security Standards Council (PCI SSC) published an important update to one of its eight security standards, simplifying the development and use of Point-to-Point Encryption (P2PE) solutions that make payment card data unreadable and less valuable to criminals if stolen in a breach.
The updated standard is documented in PCI Point-to-Point Encryption Solution Requirements and Testing Procedures Version 2.0. It provides more flexibility to solution providers and to companies that provide P2PE components, which are services that fulfill specific P2PE requirements and can be integrated into P2PE solutions. In addition to validated P2PE solutions and applications, the PCI Council will now list validated P2PE components, making it easier for a solution provider to create a solution for its merchant customers. Also new with version 2.0, merchants acting as solution providers can implement and manage their own P2PE solutions for their own point-of-sale (POS) locations. (Read P2PE v2 At a Glance.)
“Malware that captures and steals data at the point-of-sale continues to threaten businesses and their ability to protect consumers’ payment information. As these attacks become more sophisticated, it’s critical to find ways to devalue payment card data,” said PCI Security Standards Council Chief Technology Officer Troy Leach. “PCI Point-to-Point Encryption solutions help merchants do this by encrypting cardholder data at the earliest point of acceptance, making that data less valuable to attackers even if compromised in a breach.”