PCI P2PE
Your certification according to the
point-to-point encryption standard
The PCI P2PE (Point-to-Point Encryption) standard ensures that credit card data is encrypted from the point of entry to the endpoint and that the transmission paths and intermediate components provide the best possible support for merchants in complying with the PCI DSS security requirements. PCI P2PE solutions are validated according to the strict security requirements of the PCI P2PE standard and are listed on the website of the PCI Security Standards Council (PCI SSC).
usd AG is officially accredited by the PCI SSC as an assessor for P2PE solutions. Read more about our latest P2PE certification project here .
Your P2PE Assessment
Phase 1: Planning and Preparation Based on the audit scope, we determine the detailed procedure for the PCI P2PE audit and coordinate this with the responsible parties in your company.. |
Phase 2: Onsite und Offsite Audit The onsite and offsite audit is a formal audit process. Our auditor in charge will check all matters relevant to PCI P2PE at your premises. A distinction is made between the P2PE application (on the POI) and the P2PE solution. The audit takes the form of interviews with your responsible employees, site inspections, document reviews, the inspection of all relevant P2PE components, the POI device and your application. |
Phase 3: Audit Results and Follow-Up Any deviations from the PCI P2PE identified during the audit are documented by us on a daily basis in the Audit Connect ticket system, including the necessary, concrete recommendations for correcting the identified deviations. You use Audit Connect to correct the identified deviations. |
Phase 4: Report Creatin and Submission The usd assessor prepares the Application Report on Validation (P-RoV) and the P2PE Solution Report on Validation (Solution P-ROV) in accordance with the PCI P2PE specifications to verify compliance with the credit card organizations. This final report describes the concrete implementation of the individual PCI P2PE requirements at your company in detail and documents the assessor's procedure for checking the respective requirement in a comprehensible manner for the credit card organizations. Finally, we coordinate the two P-ROVs with you and submit them to the PCI SSC together with the P2PE Solution Attestation of Validation (AoV) and the P2PE Application Attestation of Validation (AoV). |
PCI P2PE Certificate and Seal Once the P2PE P-ROVs have been approved by the PCI SSC, we will issue you with your PCI P2PE certificate. |