Payment Card Industry (PCI) Point-to-Point Encryption: Security Requirements and Testing Procedures, Version 3.0, December 2019


This document, Point-to-Point Encryption: Security Requirements and Testing Procedures, defines both security requirements and testing procedures for Point-to-Point Encryption (P2PE) solutions and components. The objective of this standard is to facilitate the development, approval, and deployment of PCI-approved P2PE solutions that will increase the protection of account data by encrypting that data from the point of interaction (POI), within the encryption environment where account data is captured, through to the point where that data is decrypted inside a decryption environment, effectively removing clear-text account data between these two points.

The requirements contained within this standard are intended for P2PE solution providers and other entities that provide P2PE components or P2PE applications for use in P2PE solutions, as well as P2PE assessors evaluating these entities. Additionally, merchants benefit from using P2PE solutions through increased protection of account data and the resulting reduction in the presence of clear-text account data within their environments.

Summary of Significant Changes from v 2.0 to v 3.0:

