Press Release

Industry Feedback Drives Updates to PCI P2PE Standard

PCI P2PE Solutions Continue to Help Merchants Protect Cardholder Data

WAKEFIELD, Mass., 30 September 2021 — Today, the PCI Security Standards Council (PCI SSC) published a minor revision to the PCI Point-to-Point Encryption (P2PE) Standard. The PCI P2PE Standard provides a comprehensive set of security requirements for the validation of PCI P2PE solutions to protect payment card data via encryption. PCI P2PE v3.1 includes clarifications and updates previously released via bulletins and incorporates stakeholder feedback received via a formal request for comment period.

“The PCI SSC is always evolving our standards to better meet the needs of the changing payments industry,” says Emma Sutcliffe, SVP, Standards Officer at PCI SSC. “These incremental changes align with current industry feedback and incorporate changes made recently to the PCI PIN Standard.”

PCI P2PE version 3.1 maintains the same approach to security as version 3.0. Revisions include clarifications and updates previously released via technical FAQs and bulletins, corrections to proofing errors, and responses to stakeholder comments. These changes are outlined in a PCI SSC blog post and Summary of Changes document on the PCI SSC website.

“PCI P2PE Solutions help merchants protect their customers’ cardholder data by encrypting at the earliest point of acceptance. This renders card data unreadable to attackers, even when the environment may have been compromised,” says Troy Leach, SVP Engagement Officer of PCI SSC. “Merchants should talk with their acquirer or financial partner about selecting and using a PCI P2PE solution.”

Version 3.1 of the PCI P2PE Standard and P-ROVs, and the Summary of Changes from P2PE v3.0 to P2PE v3.1, are available in the Document Library on the PCI SSC website. View the PCI Perspectives blog post for additional information about the P2PE v3.1 Standard.

About PCI Point-to-Point Encryption Solutions
A PCI Point-to-Point Encryption (P2PE) Solution cryptographically protects account data from the point where a merchant accepts the payment card to the secure point of decryption. With P2PE, account data is unreadable until it reaches the secure decryption environment, which makes the data less valuable if it is stolen in a breach. A PCI P2PE Solution can significantly help merchants reduce the PCI DSS validation effort of their cardholder data environment.

About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.