P2PE is the PCI Security Standard Council’s most recent standard (others include PCI DSS, PA-DSS, and PTS) for merchants, HW/SW vendors, and service providers. Although the first version of the standard was released almost 3 years ago (in September 2011), due to complexity and uncertainty of multiple PCI P2PE requirements only 3 companies are currently listed on the PCI website as certified P2PE solution providers.
PCI SSC to release version 2.0 of P2PE (Point-to-point Encryption) security standard during 2014. The goal is to increase market acceptance of P2PE technology while maintaining the high security level of its implementations. The new version of the standard is supposed to be more understandable, contain less requirements, and clarify the validation process for solution providers. P2PE v.2.0 will also combine both Hardware/Hardware and Hardware/Hybrid standards (the difference is that HW/HW requires both encryption and decryption to be performed in cryptographic hardware, while HW/Hybrid allows some parts of decryption process to be done in software). Hybrid encryption (do not confuse with hybrid decryption), Software Encryption, and Software Decryption options will be discontinued due to security concerns. P2PE is the PCI Security Standard Council’s most recent standard (others include PCI DSS, PA-DSS, and PTS) for merchants, HW/SW vendors, and service providers. Although the first version of the standard was released almost 3 years ago (in September 2011), due to complexity and uncertainty of multiple PCI P2PE requirements only 3 companies are currently listed on the PCI website as certified P2PE solution providers.
2 Comments
Leave a Reply. |
Books
Recent Posts
Categories
All
Archives
October 2024
|