The PCI P2PE standard has for sometime governed security requirements for technologies and services that organizations use for end-to-end encryption of cardholder data. The goal is to ensure that no sensitive cardholder data passes in unencrypted form through a merchant’s point of sale system. P2PE has widely been recognized as a way for organizations to reduce the scope of their PCI compliance obligations.
In December 2019, the Council will publish Version 3.0 of the P2PE standard, featuring changes more to the underlying program itself rather than to specific compliance requirements. Starting with P2PE v3.0, the Council will allow point-to-point encryption providers to validate individual components of their technology instead of having to validate them as a complete set.