Frequently Asked Question

Can merchants use encryption solutions not listed on the PCI Council’s website to reduce their PCI DSS validation effort?
Yes, however, PCI SSC recommends the use of PCI-listed P2PE solutions. Reference to What effect does the use of a PCI-listed P2PE solution have on a merchant’s PCI DSS validation?
Merchants using encryption solutions that are not included on PCI SSC’s list of Validated P2PE Solutions should consult with their acquirer or the payment brands about the use of these solutions. See How do I contact the payment card brands? for information regarding contacting the payment brands.
Merchants using encryption solutions that are not included on PCI SSC’s list of Validated P2PE Solutions should consult with their acquirer or the payment brands about the use of these solutions. See How do I contact the payment card brands? for information regarding contacting the payment brands.
April 2020
Article Number: 1162
Related
-
How should payment terminals be considered during a PCI DSS assessment?
-
Are P2PE Products (P2PE Solutions, P2PE Components, P2PE Applications) on the P2PE Expired Listings still considered “validated” per the P2PE Program Guide?
-
If a P2PE Solution is on PCI’s list of Point-to-Point Encryption Solutions with Expired Validations, does the solution meet the eligibility criteria for SAQ P2PE?