PCI SAQ P2PE-HW | Point-to-Point Encryption | Hardware Terminals | PCI Compliance Policies
PCI SAQ P2PE-HW is the Self-Assessment Questionnaire form to be used for merchants who process cardholder data only via hardware payment terminals within a validated and PCI-SSC listed Point-to-Point Encryption (P2PE) solution. Furthermore, SAQ P2PE-HW merchants do not have access to clear text cardholder data on ANY computer system and only enter account data via hardware payment terminals from a PCI SSC approved P2PE solution. So what specifically is Point-to-Point Encryption (P2PE), you may be asking, it’s defined as the following by the Payment Card Industry Security Standards Council (PCI-SSC) within their publication titled, “Frequently Asked Questions for PCI Point-to-Point Encryption (P2PE)” in August, 2012:
A point to point encryption (P2PE) solution is provided by a third party solution provider, and is a combination of secure devices, applications and processes that encrypt data from the point of interaction (at the point of swipe or dip) until the data reaches the solution provider’s secure decryption environment.
A PCI P2PE solution must include all of the following:
• Secure encryption of payment card data at the point of interaction (POI)
• P2PE validated application(s) at the point of interaction
• Secure management of encryption and decryption devices
• Management of the decryption environment and all decrypted account data
• Use of secure encryption methodologies and cryptographic key operations, including key
generation, distribution, loading/injection, administration and usage.
Requirements for allowing Merchants to use SAQ P2PE-HW for PCI DSS Compliance
Before beginning the process with SAQ P2PE-HW, please confirm the following (according to the actual SAQ P2PE-HW document available at pcisecuritystandards.org):
• Your company does not store, process, or transmit any cardholder data on any system or electronic media (i.e., computers, portable disks, audio recording, etc.) outside of the hardware payment terminal used as part of a validated PCI P2PE solution.
• You company has in fact confirmed that the implemented PCI P2PE solution is listed on the PCI SSC’s list of Validated P2PE solutions.
• Your company does not store any cardholder data in electronic format, including no legacy storage of cardholder data from prior payment devices or systems, and
• Your company has implemented all controls in the P2PE Instructions Manual (PIM) provided by the P2PE solution provider.
SAQ P2PE-HW PCI Compliance Policies for Point-to-Point Encryption | Download Today
If you meet the above listed provisions, then self-assessing with PCI SAQ P2PE-HW is allowable, which will ultimately require PCI compliance policies for assisting with the required mandates for this specific Self-Assessment Questionnaire. As for PCI SAQ P2PE-HW, pcipolicyportal.com has developed PCI compliance policies specific to this very SAQ, so simply purchase the SAQ P2PE-HW policies, and follow the PCI SAQ Certification process steps.
Furthermore, pcipolicyportal.com also offers policy and procedure writing services, along with PCI compliance policies for all other SAQ reporting mandates (A, B, C, C-VT, and D), including Level 1 onsite assessments by an actual PCI-QSA. Contact us today to learn more, along with signing up for free pcipolicyportal.com training webinars.