PCI Update

There is good news forthose of you waiting to hear about where the PCISecurity Standards Council (PCI SSC) stands on P2PE (point-to-pointencryption).  As part of the standardsupdate to 3.1 released on October 14, 2011 the council has updatedits pin transaction security program to include changes that will addressencryption for data other than pin numbers. The changes in this update are effective immediately superseding theversion 3.0 standards.  The full documentis located at the PCI Councils website here: https://www.pcisecuritystandards.org/documents/P2PE_Hardware_Solution_%20Requirements_Initial_Release.pdf

Appendix A of this document contains the worksheet todetermine eligibility to reduce your PCI scope.

What had not been clearlydefined before has now been defined for manufactures to comply with PCIrequirements for devices and encryption beyond the normal pin pads and pinnumbers.  This new information will applyto mobile devices as well.

Please note there is language that specifically states that the end toend encryption does not take the merchant totally out of scope for PCIcompliance, however this is a very big step forward.