P2PE

Point to Point Encryption (P2PE) enhances the security of account data by encrypting it between a Point of Interaction (POI) device and the decryption environment. Starting with version 2.02.021, Simplify can be implemented as part of an Elavon PCI-validated P2PE solution. This will allow Simplify customers to reduce the scope of their PCI audits.

The principal purpose of this chapter is to serve as a guide to inform users on the role of Simplify in Elavon’s PCI-validated P2PE solution. Customer requirements for PCI-validated P2PE can be summarized as follows:

  • Ingenico Telium or Tetra PIN Pads using On-Guard encryption. See Versioning for more information.

  • All general requirements for secure communications must be followed. Network security must be reviewed periodically.

  • Any PCI-sensitive data received by the POS (encrypted or unencrypted) must be securely deleted when no longer needed.

  • Printing must conform with PCI and TPP rules for masking.

  • Informational Prompt messages (see Informational Prompting ) must not be used to request PCI-sensitive data from the customer.