• Skip to primary navigation
  • Skip to main content
  • Skip to footer
ControlCase No Tag LOGO md

ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

  • Company
    • About Us
    • Careers
    • Locations
    • Team
  • Industries
    • Business Process Outsourcing
    • Cloud Service Providers
    • Retail
    • Telecom | Entertainment
  • Certifications
    • PCI DSS Certification
    • CSA STAR Certification
    • GDPR Assessment
    • HIPAA Assessment
    • HITRUST Certification
    • ISO 27001 Certification
    • FedRAMP 3PAO Services and NIST 800-53
    • CMMC Compliance: NIST 800-171
    • MARS-E Assessment
    • P2PE Certification
    • PA DSS Certification
    • SOC2 Report
  • Solutions
    • Continuous Compliance Solution
    • One Audit
    • Card Data Discovery Software
    • Data Security Rating
  • Testing
    • Application Reviews
    • Application Security Training
    • Code Reviews
    • Card Data Discovery
    • External Vulnerability Scans
    • Firewall Security Reviews
    • Internal Vulnerability Scans
    • Log Monitoring
    • Penetration Testing
  • Resources
    • Events
    • News
    • Webinars
    • Courses
    • Newsletters
    • Blog
  • Contact Us

P2PE Certification

Request DatasheetRequest QuoteRequest Demo
You are here: Home / Certifications / P2PE Certification

P2PE Services Approach & Methodology

The Payments Security Standards Council (PCI SSC) have released their solutions Requirements and Testing Procedures version 3.1 for Point-to-Point Encryption (P2PE). These services, provided by acquiring processors and payments gateways, utilize PCI POI validated terminals to provide encryption of cardholder data from the retail establishment through to the acquirer. The standard is also applicable to organizations that provide part of the P2PE value chain including Key Injection Facilities, Certificate Authorities and Software Developers that develop software for POI devices. By implementing one of these solutions, a merchant may reduce the scope of their PCI DSS assessments, and significantly reduces risk of compromise of cardholder data.

The first step of a P2PE solution assessment is to accurately determine the scope of the solution. At least annually and prior to each assessment, the solution provider should confirm the accuracy of their solution scope by identifying all devices, P2PE data flows and processes, key-management functions and account-data stores, and ensure they are included in the solution scope.

Phase 1: P2PE Solution Gap Analysis

ControlCase will conduct an initial design analysis of Client controls, documentation and procedures against all applicable domains of the P2PE requirements. ControlCase will do the scope assessment to look for Network Segmentation, Third Parties/Outsourcing, sampling of system components and finally the verification of P2PE domain for the P2PE Solution.

ControlCase prepares gap report which clearly details findings as well as acceptable approaches for remediation.

Deliverables

Gap assessment report in soft copy and within the ControlCase IT GRC Platform (One for each application)

Phase 2: P2PE Remediation Support

ControlCase support client in remediation, including technical architecture, generation of policies and procedures which are customized for the Client environment, as well as training as necessary in secure development, incident response procedures, POI device life cycle, key management and other areas of interest.

ControlCase personnel will be accessible at any time through a published number and will also be available to attend onsite meetings to support remediation efforts.

remediation-1024x455

Phase 3: P2PE Solution Certification

ControlCase will conduct a final assessment against all domains and controls of P2PE. ControlCase will review Network segmentation, Third Parties/Outsourcing, Sampling of System Components, review multiple acquirers (if applicable), review P2PE program guide and generate an appropriate P2PE Report on Validation (P-ROV) for submission to the PCI Security Standards Council for review. Once the solution passes the review of ROV by PCI SSC it will be listed on their website as a validated solution. ControlCase also advises the customer on solution changes, as well as annual revalidation requirements.

Deliverables

  • P2PE Report on Validation (P-ROV)
  • Appropriate documents to the various card brands and PCI Council
  • Controls and evidence captured within the ControlCase IT GRC Platform
  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

Footer

Connect

Corporate Headquarters
12015 Lee Jackson Memorial Hwy, Suite 520, Fairfax, VA 22033

Send us a message

Call Us

About Us

ControlCase is a United States based company, headquartered in Fairfax, Virginia with locations in North America, Europe, Latin America, Asia/Pacific and the Middle East to serve our clients globally.

Quick Links

  • Company
  • Team
  • Careers
  • Locations
  • Covid-19 Notice

Certifications, Assessments and Reports

  • PCI DSS Certification
  • CSA STAR Certification
  • GDPR Assessment
  • HIPAA Assessment
  • HITRUST Certification
  • ISO 27001 Certification
  • FedRAMP and 3PAO Services
  • MARS-E Assessment
  • P2PE Certification
  • PA DSS Certification
  • SOC2 Report

© ControlCase LLC 2023 | Privacy Policy | Impartiality Statement | Legal Notices