Point-to-Point Encryption (P2PE)



The security requirements and test procedures for P2PE Solutions, P2PE Components, and P2PE Applications are intended to protect payment account data via encryption from the point it is captured in the merchant’s payment device to the point it is decrypted in a solution or component provider’s environment.

A point-to-point encryption (P2PE) solution cryptographically protects account data from the point where a merchant accepts the payment card to the secure point of decryption. By using P2PE, account data (cardholder data and sensitive authentication data) is unreadable until it reaches the secure decryption environment, which makes it less valuable if the data is stolen in a breach. Merchants using PCI-listed P2PE solutions also have fewer applicable PCI Data Security Standard (PCI DSS) requirements, which helps simplify compliance efforts.

Important Information


Intended Audience

For P2PE solution providers, component providers, and application developers that provide P2PE services.


P2PE Documents

Find all of the related documents in the PCI SSC Document Library.


Listings & Professionals

PCI SSC encourages merchants, acquirers, and solution providers to use the PCI SSC listings in selecting P2PE Solutions, P2PE Components, and P2PE Applications.

P2PE Assessors are qualified and trained by PCI SSC to perform independent assessments of P2PE solutions, components, and applications against the P2PE Standard and in accordance with the P2PE Program Guide.


Training Information

The Payment Card Industry Professional (PCIP) is an individual, entry-level certification in payment security information that provides you with the understanding to help your organization build a secure payment environment. Becoming a PCIP demonstrates a level of understanding that can provide a strong foundation for a career in the payments security industry.

The Point-to-Point Encryption Assessor (P2PE Assessor) and Point-to-Point Encryption Application Assessor (P2PE Application Assessor) training programs prepare candidates to perform validation of Point-to-Point Encryption solutions and applications against the latest standard in order for those solutions and applications to be listed on the PCI Security Standards Council website.

Knowledge Training courses are designed to bridge the knowledge gap between organizations and assessors by providing learning opportunities for individuals to take the same training and exam as the Assessor. Upon successful completion of training, learners will be given an acknowledgement of completion as well as the option to complete the exam and receive a digital badge.

Get your team trained together! We are pleased to offer all our PCI training programs as either in-person or remote Instructor-led eLearning. Learn directly from an instructor with hands-on experience in the field of payments security. Your organization will receive all the benefits of an instructor-led training class, at a time and place most convenient for you and your staff.

Compliance programs for all PCI SSC standards are managed by the payment brands. Questions about which entities need to validate compliance to any PCI SSC standard, or whether use of a PCI-listed product is required and for which entities, should be referred to the payment brands. Contact information for the payment brands is in FAQ #1142.