Frequently Asked Questions

< Back to search page

Can a QSA that is not also a P2PE Assessor validate an encryption solution meets P2PE Requirements?

FAQ Response

No. Only P2PE Assessors are qualified by the PCI Council to evaluate P2PE Solutions, P2PE Components and P2PE Applications. Note that only a QSA (P2PE) is qualified to evaluate P2PE Solutions (including Merchant-Managed Solutions) and P2PE Components, while a PA-QSA (P2PE) is additionally qualified to evaluate P2PE Applications.

June 2016
Article Number 1246

Who can use SAQ P2PE?

What effect does the use of a PCI-listed P2PE solution have on a merchant’s PCI DSS validation?

If a P2PE Solution is on PCI’s list of Point-to-Point Encryption Solutions with Expired Validations, does the solution meet the eligibility criteria for SAQ P2PE?

If a P2PE Solution is shown as red or orange on PCI’s list of Validated P2PE Solutions, does the solution meet the eligibility criteria for SAQ P2PE?

Can merchants use encryption solutions not listed on the PCI Council’s website to reduce their PCI DSS validation effort?

Frequently Asked Questions

Can a QSA that is not also a P2PE Assessor validate an encryption solution meets P2PE Requirements?

Related Articles