SAQ P2PE is intended for SAQ-eligible merchants or merchant environments (as determined by the individual payment card brands), who process cardholder data only via PCI-approved point of interaction (POI) devices as part of a validated P2PE solution (per the PCI P2PE Program Guide). Merchants wishing to use SAQ P2PE must meet payment brand requirements for using an SAQ, and must also confirm that they:
- Are using a validated PCI P2PE solution (per the PCI P2PE Program Guide).
- Do not store, process, or transmit any cardholder data on any system or electronic media (for example, on computers, portable disks, or audio recordings) outside of the payment terminal used as part of the validated P2PE solution.
- Do not store any cardholder data in electronic format. This includes verifying that there is no legacy storage of cardholder data from other payment devices or systems.
- Have implemented all controls in the P2PE Instruction Manual (PIM) provided by the P2PE Solution Provider.
Article Number 1247