P2PE Compliance

Triangle Graphic

The Payment Card Industry Point-to-Point Encryption (P2PE) program requires P2PE solution, application, and component providers to maintain specific requirements for their overall P2PE solution in regards to encryption device processes, merchant guidance, decryption environments, and cryptographic keys that are used throughout the P2PE Solution.

As a P2PE PA-QSA, Tevora offers a comprehensive P2PE program that provides you with assurances from architectural assistance through P2PE listing. Our P2PE QSA’s leverage their extensive cryptographic and application knowledge to help you develop an effective P2PE strategy and assist you in pursuing the appropriate program validations.


Gap Analysis

A tactical analysis of the architectural, component, and encryption capabilities of the P2PE solution that outlines strategies for a cost effective road to compliance.

Application Risk Assessment

Risk Analysis, API and software testing to ensure the P2PE solution is not vulnerable to application-security design flaws made during the software-development process.

P2PE Certification

Upon successful review of compliance requirements, Tevora will create and submit the P2PE Report on Validation (P-ROV) to the PCI Security Counsel for listing.

TSP Compliance

Token Service Providers (TSP)’s are entities that are or are planning on registering as a Token Service Providers by EMVCo. As a P2PE QSA company, Tevora can evaluate token data against the PCI TSP Requirements. Upon successful review of cryptographic key management, physical and logical security controls a PCI TSP Report on Compliance (ROC) is created and can be submitted by the TSP to their applicable payment brand(s).