From 20 May to 19 June, PCI SSC stakeholders can participate in a Request for Comments (RFC) on the P2PE Standard v3.0 draft. RFC periods are avenues for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards. This feedback plays a critical role in the ongoing maintenance and development of these resources for the payment card industry.
Request for Comments (RFC) on P2PE Standard v3.0
As published in a previous post, PCI SSC is conducting an additional request for comments (RFC) period with PCI SSC stakeholders for the P2PE Standard v3.0 draft. PCI SSC stakeholders are invited to review and provide feedback on the P2PE Standard v3.0 during a 30-day request for comments (RFC) period from 20 May to 19 June. The RFC is available through the PCI SSC portal, including instructions on how to access the document and submit feedback, and will follow the formal PCI SSC RFC process, as outlined in the recently published RFC Process Guide.
Please note that as part of the RFC process, all feedback will be reviewed and considered for development of the final Standard, planned for publication the late Q4 2019 to Q1 2020 timeframe. The name of the organization, its comments and how PCI SSC is addressing the feedback will be posted in the PCI SSC portal for all RFC participants to view.
Background on the P2PE Standard v3.0
The PCI P2PE Standard provides a comprehensive set of security requirements for validation of P2PE solutions, applications and components to protect payment card data via encryption from where it is captured in the payment terminal until it is decrypted in a secure decryption environment. Changes to the P2PE Standard will focus on modernizing, simplifying, and adding flexibility to the P2PE Program, such as opportunities to add Component Provider Types and flexibility for Solution Providers.
We plan on publishing v3.0 of the P2PE Standard in the Q4 2019 to Q1 2020 timeframe.