PCI Point-to-Point Encryption (P2PE)™ Solutions
This listing is a resource for merchants and acquirers to use in selecting a PCI-listed Point-to-Point Encryption (P2PE) Solution.
P2PE Solutions with an Expired Validation - These are P2PE Solutions whose validation approval has expired as described in the P2PE Program Guide. Please contact the payment brands for information regarding the use of expired P2PE Products. P2PE Solutions with an expired validation are listed separately here.
P2PE Solutions and the PIM - Each PCI-listed P2PE Solution has an associated P2PE Instruction Manual (PIM) that is provided by the Solution Provider. The PIM provides merchants pertinent guidance to effectively and securely manage their encryption environments and devices within their purview: e.g., the secure installation of POI devices, details of all P2PE Applications and other software on the POI devices, monitoring POI devices for signs of tampering, and appropriate incident response procedures for security incidents.
P2PE Program - For information regarding the PCI P2PE program, please click here for our document library.
P2PE Component and P2PE Application Listings - Click here for P2PE Application Listings or here for the P2PE Component Listings.Read more
Find Point-to-Point Encryption Solutions
Click here for more information about the listings
Dates in orange represent a P2PE Product that has not been revalidated in accordance with P2PE program requirements (up to 90 days overdue).
Dates in red represent a P2PE Product that has not been revalidated in accordance with P2PE program requirements (more than 90 days overdue).
Validated P2PE Products that have not been revalidated in accordance with P2PE program requirements within 180 days of their Annual Revalidation date or Reassessment date, as applicable, will be transferred to the P2PE Expired Listings.
Annually at year 1 and 2, based on the date of the P2PE Product's Acceptance, the P2PE Vendor is required to submit an updated P2PE Attestation of Validation for their Validated P2PE Product. Refer to the P2PE Program Guide for further information.
Validated P2PE Products require a Full Assessment every three years based on the date of the P2PE Product's Acceptance. Refer to the P2PE Program Guide for further information.
Indicates the P2PE Product is using a dependency (P2PE Component, P2PE Application, and/or POI Device) that is not in accordance with applicable P2PE Program Guide requirements (e.g., Annual Revalidation, Reassessment, etc.). Click on the listing "Details" to find the dependency, or dependencies, that are flagged with this icon. Refer to the P2PE Program Guide for more information.