The PCI Security Standards Council recently issued point-to-point encryption (P2PE) requirements, which provide vendors, assessors and merchants with implementation guidelines that are within PCI compliance, SearchSecurity reports.
Despite the advantages of cardholder data encryption, merchants previously had no way to evaluate individual providers to determine if the equipment met PCI DSS standards from the time card data is captured to its transmission to a processor.
The document discussed six areas that will be assessed in P2PE implementation. These include an evaluation of the security controls used on the hardware, the applications within the hardware, the environment where encryption hardware is present, the transmissions between the encryption and decryption environments, the decryption environment and the key management operations.
“If implemented in accordance with PCI requirements, P2PE solutions can significantly reduce a merchant’s card data environment, mitigate potential breaches and simplify PCI DSS validation efforts,” said Bob Russo, general manager of the PCI SSC, as quoted by the news source.
However, Storefront Backtalk reports that the 96-page document is merely the “first set of validation requirements,” and that important parts of the program won’t be in place for at least another six to eight months.Back To Blog