Frequently Asked Question

Are P2PE solution providers required to have their solutions validated and listed by the Council?
No.
Please reference FAQ 1158 What effect does the use of a PCI-listed P2PE solution have on a merchant's PCI DSS validation? and Can merchants use encryption solutions not listed on the PCI Council's website to reduce their PCI DSS validation effort? for additional information.
Please reference FAQ 1158 What effect does the use of a PCI-listed P2PE solution have on a merchant's PCI DSS validation? and Can merchants use encryption solutions not listed on the PCI Council's website to reduce their PCI DSS validation effort? for additional information.
June 2016
Article Number: 1165
Related
-
Are Approved Scanning Vendors and Qualified Security Assessors considered third-party service providers for PCI DSS Requirements 12.8 and 12.9?
-
What are the expectations for entities when assigning risk rankings to vulnerabilities and resolving or addressing those vulnerabilities?
-
Is phishing-resistant authentication alone acceptable as multi-factor authentication for PCI DSS Requirements 8.4.1 and 8.4.3?
Featured FAQ Articles
Featured
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?
-
Is the PCI DSS Attestation of Compliance intended to be shared?
-
How does an entity report the results of a PCI DSS assessment for new requirements that are noted in PCI DSS as best practices until a future date?
-
Where do I direct questions about complying with PCI standards?
-
Can SAQ eligibility criteria be used as a guide for determining applicability of PCI DSS requirements for merchant assessments documented in a Report on Compliance?
Most Popular
-
Are Approved Scanning Vendors and Qualified Security Assessors considered third-party service providers for PCI DSS Requirements 12.8 and 12.9?
-
What are the expectations for entities when assigning risk rankings to vulnerabilities and resolving or addressing those vulnerabilities?
-
Is phishing-resistant authentication alone acceptable as multi-factor authentication for PCI DSS Requirements 8.4.1 and 8.4.3?
-
Are passkeys synced across devices, implemented according to the FIDO2 requirements, acceptable for use as phishing-resistant authentication to meet PCI DSS Requirement 8.4.2?
-
How should PCI DSS v4.x requirements noted as superseded by another requirement be reported after 31 March 2025?
Most Recently Updated
-
Can unencrypted PANs be sent over e-mail, instant messaging, SMS, or chat?
-
Are entities allowed to request that cardholder data be provided over end-user messaging technologies?
-
Does PCI DSS allow faxing of payment card numbers?
-
What is the maximum period of time that cardholder data can be stored?
-
To which devices does PCI DSS Requirement 10.4.2 apply?