The PCI Security Standards Council (PCI SSC) has released version 3.2 of the PCI Point-to-Point Encryption (P2PE) Standard, introducing important clarifications and updates based on industry feedback. P2PE v3.2 is a minor revision of the standard, which expediently addresses stakeholder feedback while the Council continues developing the next major version - P2PE v4.0. All previously received stakeholder feedback in context of a major revision change will be considered as part of the current P2PE v4.0 revision effort.
The updates in v3.2 address several critical areas including POI device testing and sampling, as well as the management of whitelists, non-payment software, and P2PE Applications. The changes also include clarifications previously released via technical FAQs, corrections to proofing errors, and responses to stakeholder comments. To help organizations navigate these changes, PCI SSC has published a comprehensive Summary of Changes document, outlining the significant changes from v3.1 to v3.2.
Organizations currently using P2PE solutions will find that existing validations remain unaffected. The release of P2PE v3.2 does not impact P2PE Solutions, Components or Applications already validated to P2PE v3.0 or v3.1. P2PE vendors will continue to maintain their validated P2PE products in accordance with the latest P2PE v3.x Program Guide, which was published in September 2024.
PCI SSC has established a transition timeline to allow organizations adequate time to adapt to the updates. Through 31 December 2025, P2PE v3.1 submissions for both new assessments and reassessments will continue to be accepted. All v3.1 submissions must complete the quality review process by 31 March 2026. Beginning 1 January 2026, all new submissions for P2PE products, including reassessments of existing listed products, must comply with P2PE v3.2. Refer to the latest P2PE Technical FAQs document in the PCI SSC Document Library for additional information on the transition from v3.1 to v3.2.
The release of P2PE v3.2 demonstrates PCI SSC’s ongoing commitment to maintaining relevant, practical security standards that evolve with industry needs. The Council appreciates the valuable stakeholder feedback that enables it to continue to improve its documents and mature its standards and programs.
P2PE v3.2 is now available in the Document Library, along with the Summary of Changes from v3.1 to v3.2.