We are proud to announce that CDE is now a PCI validated P2PE v.2 facility. This new certification is more proof that we’re keeping payment security top of mind. With our P2PE v.2 validation, we have an even better opportunity to help make the lives of our partners and their merchants easier.
What’s P2PE v.2?
Originally, rigorous PCI council standards made achieving P2PE validation pretty difficult and large solution providers were depending on third party providers to distribute their P2PE solution under their validation. However, because the third parties were only validated under the partner provider they were serving, PCI auditing could become very cumbersome for both businesses.
Now, the PCI Security Standards Council has introduced version two of P2PE (P2PE v.2), that allows the different responsibilities involved with providing a validated P2PE solution to be split amongst separate entities, as “components”. Today, support services providers like CDE can provide services like key injection and deployment under their own P2PE component validation.
What makes P2PE v.2 better?
Point of interaction solution providers often outsource their equipment activities, from procurement all the way to deployment, in order to focus more on the evolution and improvement of their solutions. With the goal of simplifying their operations in mind, the last thing solution providers want to do is hold the responsibility of their partners’ PCI compliance in their hands. P2PE v.2 ensures that solution providers are creating, managing, and distributing points of interaction that are both PCI and P2PE compliant while allowing them the worry less about activities they are already outsourcing.
CDE's P2PE v.2 validation also allows us to guarantee our own ability to provide P2PE compliant services. With these validations, CDE's valued partners can rest assured that our company is fully equipped and qualified to handle their products as they continue to offer P2PE solutions to their merchants. Companies like CDE that commit the time and efforts to becoming P2PE validated have proven their own dedication to protecting the data of merchants and consumers, which can provide the peace of mind POI solution providers are seeking in such a high-pressure industry.
P2PE v.2 Strengthens Connections
While P2PE v.2 allows third party providers to act on their own behalf, it also requires that the line of communication and connection between POI solution providers and these third parties become even stronger. Because P2PE requires a documented chain of custody before the devices are deployed, documented tamper-proof packaging details, and shipping details, it’s important that the companies providing the solutions to merchants have the ability to access and verify this documentation. This means that P2PE Key Injection Facilities (KIFs), like CDE, must now be able to easily pass back and forth details about the serialized devices they are handling with partners.
P2PE v.2 requires that CDE have the willingness and ability to develop innovative ways to provide our partners with the information they need to guarantee a secure POI. Now, with P2PE v.2 validation under our belt, CDE is still hard at work refining systems to make the right data easily accessible and to close the loop between us, our partners, and their merchants. We're glad to be a P2PE v.2 validated company and excited to continue taking the struggle out of the security and support solutions that partners and their merchants depend on.