SecureConnect is always working to keep you informed on new updates and changes to the PCI DSS including updates regarding the newer technology of Point-to-Point Encryption (P2PE). Since the initial release of P2PE in September of 2011, the PCI Council continues to examine the technology and refine the requirements needed in order to maintain compliance.
The PCI SSC released version 1.1 of “P2PE Hardware Solution Requirements and Testing Procedures” in April 2012 and the document includes over two hundred pages of content regarding P2PE. There is a seemingly overwhelming amount of new information in this document. There are many new sections that help define the PCI compliance process in regards to P2PE and help to clarify common confusion that surrounds this new technology.
Here are a few key sections from version 1.1 that will help merchants to better understand the effect P2PE has on the PCI DSS:
A merchant-focused section that provides additional guidance and information about P2PE
Updates to the P2PE roles and responsibilities
Testing procedures and further clarification of how they tie in with each area of PCI compliance
In April 2012, Paul Newell, the Director of Product Management at SecureConnect, wrote a very informative blog, P2PE: Point-to-Point Encryption. The blog provides clarification on how this technology affects retail operations and what the “PCI scope” will likely look like in the future if you implemented P2PE in your business.