In a significant move, the PCI Security Standards Council (PCI SSC) has announced enhancements to its Point-to-Point Encryption (P2PE) Program for use with the currently published P2PE Standard v3.1, which provides the ability to validate and list P2PE solutions that cryptographically protect account data from the point where a merchant accepts a payment card to the secure point of decryption. This Program, which is intended for merchants, P2PE Assessor Companies, and vendors of P2PE Products, provides instructions, requirements, and reporting templates for validation and attestation of listed P2PE solutions. The P2PE Program has undergone extensive revisions based on valuable stakeholder feedback and a commitment to continuous improvement.
The updates consolidate key documents within the P2PE Program, addressing a wide range of enhancements and value-added changes. Among the highlights:
- P2PE Program Guide Updates: The P2PE Program Guide has been revised to provide clearer and more comprehensive P2PE Program information to Program participants.
- Consolidated Attestation of Validation (AOV): The AOV process has been streamlined, consolidating three separate AOVs (Solution, Component, Application) into a single, restructured AOV. This simplifies the completion process and helps reduce submission returns.
- New Change Impact Template: Replacing the previous 17-pages of three separate templates within the P2PE Program Guide, the new consolidated Change Impact Template will be available as a separate, standalone template and offers a more concise and user-friendly approach to managing P2PE Product changes.
- Improved P2PE Instruction Manual (PIM): The PIM has undergone revisions to address errata and enhance the overall structure and flow of the document, further incorporating stakeholder input.
- Portal and Listing Enhancements: The P2PE Program's online Portal has been improved to streamline the submissions process, while the Program listings have been updated to enhance usability and reflect the applicable changes.
- P2PE Report on Validation (P-ROV) Template Updates: The P-ROVS are being updated and will be available soon. Keep using the currently available P-ROVs until then.
These comprehensive updates demonstrate PCI SSC's commitment to continuously improving the P2PE Program, ensuring it remains a robust and valuable resource for merchants, payment processors, and other industry stakeholders. By incorporating stakeholder feedback and implementing enhancements, PCI SSC aims to provide a more user-friendly and effective framework for securing payment data throughout the transaction lifecycle.
These revisions to the P2PE Program are designed to meet the payment industry's immediate needs while PCI SSC prepares for the next major revision of the P2PE Standard and Program: P2PE v4.0. This upcoming revision underscores PCI SSC's dedication to staying ahead of evolving security challenges and providing the tools and guidance needed to protect sensitive payment information. As the payments landscape continues to evolve, these immediate updates to the P2PE Program will play a crucial role in safeguarding the integrity of electronic transactions.