The PCI Security Standards Council announced today the first set of validation requirements for its point-to-point encryption solution program. By next spring, PCI will have a list of approved hardware-based point-to-point encryption (PTPE) solutions, which customers like hotel owners and operators can choose from to help protect and secure their on-site payment card transactions.
The new document from the Council provides requirements for vendors and merchants who wish to build or implement hardware-based PTPE solutions that support the PCI Data Security Standard.
Merchants aren’t mandated to use P2PE technology, but if they do, choosing from an approved vendor will help them comply with PCI standards. The Council will also continue to explore developing requirements for software solutions that encrypt cardholder data.
The program is also voluntary for vendors, but Bob Russo, the general manager of the PCI Council, says those not on the approved list next spring “will be conspicuous by their absence.”
He also cautions that using approved PTPE solutions doesn’t mean merchants can forget about PCI’s Data Security Standard, educating their staff, managing third-party relationships or the physical security needed to protect cardholder data.