Frequently Asked Question
Who can use SAQ P2PE?
- Are using a validated * PCI P2PE solution (per the PCI P2PE Program Guide).
- Do not store, process, or transmit any cardholder data on any system or electronic media (for example, on computers, portable disks, or audio recordings) outside of the payment terminal used as part of the validated PCI P2PE solution.
- Do not store any cardholder data in electronic format. This includes verifying that there is no legacy storage of cardholder data from other payment devices or systems.
- Have implemented all controls in the P2PE Instruction Manual (PIM) provided by the P2PE Solution Provider.
Featured FAQ Articles
Most Recently Updated
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?