P2PE Compliance

P2PE Compliance Services
Tevora’s Point-to-Point Encryption Program (P2PE) offerings help you develop an effective, implementable compliance strategy, allowing you to process payment card transactions securely.
The Payment Card Industry P2PE program requires P2PE solution, application and component providers to meet specific requirements for their overall P2PE solution regarding encryption device processes, merchant guidance, decryption environments, and the cryptographic keys that are used throughout the P2PE solution.
As a P2PE PA-QSA, we offer a comprehensive P2PE program that provides you with assurances from architectural assistance through P2PE listing. Our P2PE QSAs leverage their extensive cryptographic and application knowledge to help you develop an effective P2PE strategy and assist you in pursuing the appropriate program validations.
Our four-phased approach includes:
1. Gap Analysis
We will provide you with a tactical analysis of the architectural, component and encryption capabilities of the P2PE solution that outlines strategies for a cost-effective road to compliance.
2. Application Risk Assessment
We provide risk analysis, API and software testing to ensure the P2PE solution is not vulnerable to application-security design flaws made during the software development process.
3. P2PE Report on Validation (P-ROV)
After reviewing compliance requirements, our consultants at Tevora will create and submit the P2PE Report on Validation (P-ROV) to the PCI Security Council for listing.
4. TSP Report on Compliance (ROC)
Token Service Providers (TSPs) are entities that are registered, or are planning to register, as Token Service Providers with EMVCo. As a P2PE QSA company, Tevora can evaluate token data against the PCI TSP Requirements. Upon successful review of cryptographic key management and physical and logical security controls, a PCI TSP Report on Compliance (ROC) is created and can be submitted by the TSP to their applicable payment brand(s).