GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Getting a jump on the holiday season

News

Industry Update

PCI SSC releases new encryption requirements

Data security an ongoing concern

Google Wallet rollout generates questions

PayPal staking claim in mobile payments sphere

Trade Association News

Features

Seven steps to merchant success in recurring payments

Research Rundown

Meet The Expert: Andrew Altschuler

Selling Prepaid

Prepaid in brief

Nexon expands game card concept with Karma

Western Union enhances options at the POS

Views

Kick complacency out the door

Brandes Elitch
CrossCheck Inc.

Education

Street SmartsSM:
The ABCs of SAQs

Bill Pirtle
MPCT Publishing Co.

Reinvigorating the merchant club

Steve Norell
US Merchant Services Inc.

Trust in transparency

Jeff Fortney
Clearent LLC

Inspiration for women in payments

Peggy Bekavac Olson
Strategic Marketing

U.S. EMV implementation

Tim Cranny
Panoptic Security Inc.

Company Profile

First Annapolis Consulting Inc.

New Products

Look, Mom and Pop, no paperwork

CB App Express
Merchant Warehouse

An automation tool for walk-in payments

PayItFast
US Dataworks Inc.

Inspiration

Claim the podium

Miscellaneous

2011 Calendar of events

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

October 10, 2011  •  Issue 11:10:01

previous next

PCI SSC releases new encryption requirements

The PCI Security Standards Council (PCI SSC) recently released point-to-point encryption (P2PE) requirements for hardware-based solutions in its PCI Point-to-Point Encryption Solution Requirements. The 96-page document provides the first requirements for hardware-based P2PE solutions that offer Payment Card Industry (PCI) Data Security Standard (DSS) compliance.

The new requirements include information on:

A starting point

PCI SSC General Manager Bob Russo said the new P2PE hardware requirements are the beginning of what is expected to be an extensive list of P2PE requirements and programs. He said the PCI SSC will release testing requirements for hardware and introduce security assessment training for encryption hardware in the coming months.

P2PE solutions use secure cryptographic devices installed in POS terminals for encrypting. P2PE is also used in the hardware security modules for decrypting information securely.

"It's important to emphasize this is an optional program for the merchant and vendor," Russo told The Green Sheet. "There is no mandate. Encryption is a good idea that adds another layer of security with the possibility of cutting down the scope of compliance."

More to come

In addition, the PCI SSC will soon be looking at encryption in hybrid hardware/software devices, as well as standards for pure software encryption solutions. However, Russo said, "Some of the components in these regulations are already covered in the PCI security requirements for PIN pad and POS devices."

Russo added that all pieces of the PCI DSS still apply. "These new regulations are not a get-out-of-jail-free card," he said. "You still have to protect the data."

The PCI SSC will release a list of validated P2PE solutions in 2012. "There are many solutions that exist and merchants are looking to us for guidance," Russo said. "This is a solid first step in recognizing one popular type of deployment of P2PE solutions. If implemented in accordance with PCI requirements, P2PE solutions can significantly reduce a merchant's card data environment, mitigate potential breaches and simplify PCI DSS validation efforts."

The PCI Point-to-Point Encryption Solution Requirements can be found at www.pcisecuritystandards.org/documents/nb59Y8Qqv/P2PE_Hardware_Solution_%20Requirements_Initial_Release.pdf.

For additional news stories, please visit www.greensheet.com and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Electronic Merchant Systems | Board Studios