PCI Security Standards Council releases new P2PE requirements

PCI Security Standards Council releases new P2PE requirements

The PCI Security Standards Council recently announced new point-to-point encryption requirements for hardware-based solutions, according to a recent report by the Green Sheet.

According to the PCI SSC, the new mandate is the first part of its requirements for hardware-based P2PE solutions, Green Sheet reported.

"It's important to emphasize this is an optional program for the merchant and vendor," PCI SSC general manager Bob Russo told the Green Sheet. "There is no mandate. Encryption is a good idea that adds another layer of security with the possibility of cutting down the scope of compliance."

The 96-page document includes P2PE validation and creation requirements, how to implement encryption hardware and merchant and vendor roles, according to the news provider.

Eduardo Perez, the head of global payment risk at Visa, recently discussed the past and present state of PCI compliance in a report he wrote for SC Magazine.

When the PCI SSC was founded five years ago, adoption rates were low because of a lack of awareness of how to achieve PCI compliance. Perez said that 97 percent of level-1 merchants in the United States are currently compliant.