Our PCI Compliance and Security partner ControlScan plans to integrate the SAQ P2PE-HW into our merchant portal by the end of the quarter, as it’s expected that P2PE certified solutions will be listed on the PCI SSC website later this year. We will alert our merchants as soon as the SAQ P2PE-HW is available.
The PCI SSC Releases its P2PE SAQIn May the PCI Security Standards Council (SSC) published a fact sheet to offer guidance for merchants evaluating technology to accept payments using a smartphone or iPad/tablet. The fact sheet explains how a point-to-point encryption (P2PE) solution can be leveraged to secure mobile payments.
As a next step in its P2PE program, the SSC has released a P2PE Self-Assessment Questionnaire (SAQ). The new, reduced SAQ (SAQ P2PE-HW) is similar to SAQ B and contains 18 questions.
The PCI SSC website does not currently list validated P2PE solutions; however, the SSC plans to release the necessary documents for reporting and validation "in the coming weeks." Once this occurs, P2PE assessors, solution providers and application vendors can complete their assessments and submit their reports and validation documentation for acceptance and listing.
As the P2PE validation process progresses, merchants meeting the following criteria should use the SAQ P2PE-HW:
The merchants cited above would validate compliance by completing SAQ P2PE-HW and the associated Attestation of Compliance (AoC), confirming that: