GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

Bitcoin gold rush continues

Ann Train


Industry Update

CFPB urges faster, safer consumer payments

PayPal gets wings, makes mobile play

ETA returns to San Francisco for Transact Tech

Bitcoin exchanges gain traction, dodge VAT

PCI SSC revamps P2PE, device standards


Pitfalls of proliferating payment speak

Serving the connected customer of the future

The Mobile Buzz: Digital wallets face uphill battle


New credit card scam at resort area hotels

Chris O'Donnell
Instabill Corp.

Insider's report on payments: Fighting online scammers

Patti Murphy
ProScribes Inc.

The most valuable merchant portfolio

Adam Hark


Street SmartsSM:
How can I grow my business?

Jeffrey I. Shavitz
TrafficJamming LLC

Staying informed in the payments biz: A sane approach

Jeff Fortney
Clearent LLC

EMV: The clock is ticking

Michael Gavin

The one man show: Selecting ISO partners

John Tucker
1st Capital Loans LLC

Company Profile


New Products

Global payments, localized currencies

Snapcard Inc.

Multifaceted, omnichannel POS technology

Retail Pro Prism
Retail Pro International LLC


The Jurassic world of work


Readers Speak

Resource Guide


A Bigger Thing

The Green Sheet Online Edition

August 10, 2015  •  Issue 15:08:01

previous next

PCI SSC revamps P2PE, device standards

After thorough review and input from payments industry stakeholders, the PCI Security Standards Council (PCI SSC) recently released a comprehensive update to its encryption standard as documented in PCI Point-to-Point Encryption Solution Requirements and Testing Procedures Version 2.0. The updated standard provides greater flexibility to solutions providers and to entities offering components that can be integrated into P2PE-validated solutions. The PCI SSC categorizes elements within the latest standard by P2PE solutions, software applications, component providers and solution providers.

The PCI SSC acknowledged the natural learning curve that took place after introducing the original standard. "What we didn't consider in version 1 is that we were thinking that the solutions provider would also be the entity or the organization that would decrypt," said Troy Leach, Chief Technology Officer at the PCI SSC. "What we've learned over the course of several years is that there are scenarios where you would have a service provider that is only responsible for decrypting cardholder information."

With P2PE v2, merchants also have greater control over encryption programs. According to the PCI SSC, large merchants can now implement and manage their own P2PE solutions for various POS locations, securely separating duties, systems and functions between the merchant encryption and decryption environments. Or merchants can work with a third party to manage PCI P2PE solutions for them.

Ruston Miles, founder and Chief Innovation Officer at Bluefin Payment Systems, one of the first companies to receive P2PE validation, said, "With version 2.0, PCI has made the development and implementation of P2PE solutions easier. Now solutions providers and merchants can simply choose from individually validated components to build and manage their own P2PE solutions." Another benefit is that it creates a new market for vendors.

Bluefin Chief Executive Officer John Perry noted the standard is "recognition of P2PE's critical role in a 'secure-all-channels' approach to data security," and in conjunction with Europay, MasterCard and Visa chip card and tokenization technology, P2PE offers "the protection that American consumers deserve."

Devices get security boost

The PCI SSC also released an updated version of the PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements. This standard applies to POI device manufacturers; the devices include ATMs, unattended kiosks, mobile dongles and POS devices.

"As we see increasing attacks on ATMs and at the POS, it's critical to ensure the highest level of security at the device level," said the PCI SSC's Leach. Changes introduced in PTS POI version 4.1 include the addition of a new Core Module section that addresses configuration and maintenance procedures, as well as the addition of testing requirements to validate compliance.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Electronic Merchant Systems | Board Studios