PCI P2PE Assessment Services
PCI P2PE Assessment Services
The PCI Point to Point Encryption (P2PE) standard relates to hardware-based point-to-point encryption (P2PE) services. These services, provided by acquiring processors and payments gateways, utilizing PCI Point of Interaction (POI) validated terminals to provide encryption of cardholder data from the retail establishment through to the acquirer. The standard is also applicable to institutions that provide some part of the P2PE value chain including Key Injection Facilities, Certificate Authorities, and Software Developers that develop software for POI devices. PSC provides P2PE assessments service, as a qualified P2PE QSA and P2PE PA-QSA, certified by the PCI Security Standards Council.
Service Provider P2PE Assessment Services
For Acquiring Processors and Payment Gateways, PSC provides a turnkey Point-to-Point Encryption assessment service, as a qualified P2PE QSA and P2PE PA-QSA, certified by the PCI Security Standards Council.
Our approach utilizes three phases:
- PSC will conduct an initial gap analysis of Client controls, documentation and procedures against all applicable domains of the P2PE requirements. Clients will receive a gap report, clearly detailing findings as well as acceptable approaches for remediation.
- PSC can aid in remediation, including technical architecture, generation of policies and procedures which are customized for the Client environment, as well as training as necessary in secure development, incident response procedures, POI device life cycle, key management and other areas of interest.
- PSC will conduct a final assessment against all domains and controls of P2PE and generate an appropriate P2PE Report on Validation (P-ROV) for submission to the PCI Security Standards Council for review and subsequent listing on their website as a validated solution. PSC also advises the customer on solution changes, as well as annual revalidation requirements.
Certificate Authorities/Software Developers
For Certificate Authorities, Software Developers and other vendors wishing to seek validation to only specific sections of the P2PE requirements or wishing to receive a P-ROV on an application, please contact PSC to discuss your requirements.