Vendor Release Agreement PCI

P2PE requirements give P2PE solution providers a method of validating their solutions, and allow distributors to reduce the scope of their PCI DSS assessments when a validated P2PE solution is used for payment card acceptance and processing. We are working together to determine the scope of the audit, including: In accordance with PCI SSC guidelines, Sikich, as a QSA (P2PE) and PA-QSA (P2PE), is unable to submit P-ROVs for third-party services (i.e. full P2PE solutions or applications) to the PCI SSC for listing, as the PCI SSC cannot accept these reports.

Encryption protects confidential data. Technology that uses encryption from the point of payment card acceptance up to the point of payment processing is affectionately called point-to-point encryption (P2PE). The solution provider must ensure that all P2PE requirements are met, including by third parties that perform P2PE functions on behalf of the solution provider, such as certification bodies (CA) and key injection devices.

For P2PE solution providers, Sikich helps you develop appropriate procedures and provides you with instructions to implement an effective solution for your reseller customers to reduce the scope of their PCI DSS evaluation. Beyond P2PE solution providers, the new hardware solution requirements and testing methods can also affect Point of Interaction (POI) manufacturers, application developers, third-party vendors, distributors, resellers and integrators. For organizations that provide services to P2PE solution providers as third parties, such as key injection or certification organization (CA) services, Sikich reviews your offering against the relevant P2PE requirements and prepares a P-ROV with the corresponding elements, detailing how your offering supports the P2PE solution. You can make this P-ROV available to your P2PE solution providers or business partners.
Once your P2PE solution or application meets all P2PE requirements, Sikich generates a P2PE validation report (P-ROV) that documents your compliance with P2PE requirements.

Once your organization has verified and approved the report, Sikich sends your P-ROV to PCI SSC along with your Attestation of Validation (AOV) and your signed P2PE Vendor Release Agreement (VRA). P2PE technology can help distributors reduce the scope of their cardholder data environment and their PCI DSS requirements, saving them time, effort and cost in their annual assessments and better protecting cardholder data (CHD) for all participants.

Validation requirements and testing procedures currently focus on hardware-based encryption and decryption solutions, also known as hardware/hardware. Hardware/hardware solutions use secure cryptographic devices for both encryption and decryption, including at the encryption acceptance point and inside hardware security modules (HSMs) for decryption. As a result of the increasing implementation of these technologies, the PCI Security Standards Council (PCI SSC) has developed policies for creating, testing and providing solutions that provide strong support for PCI DSS compliance.

For P2PE application developers, Sikich reviews your payment application on all licensed PCI PIN Transaction Security (PCI PTS) devices to see if it is suitable for use by a P2PE solution provider. Sikich provides P2PE advisory and validation services to organizations seeking a formal listing with PCI SSC for their solution or application.