Frequently Asked Questions

< Back to search page

If a P2PE Solution is shown as red or orange on PCI’s list of Validated P2PE Solutions, does the solution meet the eligibility criteria for SAQ P2PE?

FAQ Response

Yes, P2PE solutions with dates shown as red or orange are considered validated P2PE solutions and meet the eligibility criteria for SAQ P2PE. Dates shown in colors on the PCI SSC list of Validated P2PE Solutions indicate that the solution has not been revalidated in accordance with P2PE program requirements.  Orange means that the P2PE Solution revalidation is up to 90 days overdue and red means that the P2PE Solution revalidation is more than 90 days overdue.  These colors and their meaning are described at the bottom of each listings page and are defined in the P2PE Program Guide.

P2PE Solutions that are red for more than 90 days will be moved to PCI’s list of Point-to-Point Encryption Solutions with Expired Validations.  Expired P2PE solutions are no longer considered “validated” per the P2PE Program Guide and the validations are therefore expired.  Refer to If a P2PE Solution is on PCI’s list of Point-to-Point Encryption Solutions with Expired Validations, does the solution meet the eligibility criteria for SAQ P2PE? for more information.

SAQ P2PE is intended for SAQ-eligible merchants or merchant environments as determined by the individual payment card brands.  Refer to Who can use SAQ P2PE? for more information.
 

September 2020
Article Number 1484

Related Articles

What effect does the use of a PCI-listed P2PE solution have on a merchant’s PCI DSS validation?

Who can use SAQ P2PE?

How do PCI PTS-approved POI device expiry dates affect a PCI-listed P2PE solution?

Can merchants use encryption solutions not listed on the PCI Council’s website to reduce their PCI DSS validation effort?

How does Triple DEA (TDEA) impact ASV Scan results?