PCI Point-to-Point Encryption (P2PE)® Solutions
Validated Point-to-Point Encryption (P2PE) Products have been assessed by a qualified P2PE Assessor Company to confirm adherence to the PCI P2PE Standard and Program. The assessment and validation are documented by the P2PE Assessor in a P2PE Report on Validation (P-ROV). The PCI Security Standards Council (PCI SSC) urges entities to use Validated P2PE Products in their payment environments.
Although PCI SSC reviews these reports for quality management purposes, PCI SSC does not independently confirm the reports or the data or information they contain, nor does PCI SSC perform any testing or analysis of software, products, functionality, performance, suitability or compliance with the Standard.
P2PE Solutions with an Expired Validation - These are P2PE Solutions whose validation approval has expired as described in the P2PE Program Guide. Please contact the payment brands for information regarding the use of expired P2PE Products. P2PE Solutions with an expired validation are listed separately here.
P2PE Solutions and the PIM - Each PCI-listed P2PE Solution has an associated P2PE Instruction Manual (PIM) that is provided by the Solution Provider. The PIM provides merchants pertinent guidance to effectively and securely manage their encryption environments and devices within their purview. E.g., regarding PCI-approved PTS POI devices – secure installation, details of all P2PE Applications and other software present, monitoring for signs of tampering, and appropriate incident response procedures for security incidents.
P2PE Program - For information regarding the PCI P2PE program, please click here for our document library.
P2PE Component and P2PE Application Listings - Click here for P2PE Application Listings or here for the P2PE Component Listings.
Click here for more information about the listings
Filter by
Dates in orange represent a P2PE Product that has not been Annually Revalidated in accordance with P2PE Program Requirements (up to 90 days overdue).
Dates in red represent a P2PE Product that has not been Annually Revalidated in accordance with P2PE Program Requirements (more than 90 days overdue).
Validated P2PE Products that have not been Annual Revalidated in accordance with P2PE Program Requirements within 180 days of their Annual Revalidation date or Reassessment date, as applicable, will be transferred to the P2PE Expired Listings.
Annually at year 1 and 2, based on the date of the P2PE Product's Acceptance, the P2PE Vendor is required to submit an updated P2PE Attestation of Validation for their Validated P2PE Product. Refer to the P2PE Program Guide for further information.
Validated P2PE Products require a Full Assessment every three years based on the date of the P2PE Product's Acceptance. Refer to the P2PE Program Guide for further information.
Indicates the P2PE Product is using a dependency (P2PE Component, P2PE Application, and/or PTS POI Device) that is not in accordance with applicable P2PE Program Requirements (e.g., Annual Revalidation, Reassessment, device expiry, etc.). Click on the Listing "Details" to find the dependency, or dependencies, that are flagged with this icon. Refer to the P2PE Program Guide for more information.
Wildcard characters are substituted for a defined set of possible characters in the P2PE Application version, per the P2PE Vendors' wildcard schema. Refer to the current P2PE v3.x Program Guide and P2PE Technical FAQs in the PCI SSC Document Library for acceptable use of wildcard characters. The highlighting of wildcard characters in a P2PE Application version is a visual feature applied as of P2PE Standard v3.2 Listings.