Returen to PCI services


PCI P2PE (PCI Point-to-Point Encryption) Service

What atsec offers
atsec (Beijing) Information Technology Co., Ltd (“atsec China” for short) is accredited as a Qualified Security Assessor P2PE (QSA (P2PE)) and Payment Application Qualified Security Assessor P2PE Company (PA-QSA (P2PE)) by the Payment Card Industry (PCI) Security Standards Council (SSC). Currently atsec China provides PCI P2PE service to the Asia Pacific market.

As an accredited QSA (P2PE) and PA-QSA (P2PE), atsec China performs security assessments for P2PE Solutions, P2PE Components and/or P2PE Applications, and validates them to be compliant with PCI P2PE standard.

The objective of P2PE is to facilitate the development, approval, and deployment of PCI approved P2PE solutions that will increase the protection of account data by encrypting that data from the point of interaction within the encryption environment, where account data is captured, through to the point of decrypting that data inside the decryption environment, effectively removing clear-text account data between these two points.

Why our services are important to you
The P2PE solutions, components and/or applications assessed by atsec will be validated by PCI SSC and listed on the offical website of PCI SSC. Global merchants and acquirers can use the P2PE solutions list to select an appropriate P2PE solution, and a traditional P2PE solution can be helpful in reducing the scope of the cardholder data environment and also PCI DSS assessment, and improving the overall security. The P2PE components list can be used by PCI P2PE solution providers or by merchants implementing their own Merchant Managed Solution (MMS), while the P2PE applications list can be used by PCI P2PE solution providers, PCI P2PE Encryption Management Entity Component Providers, or for merchants implementing their own MMS.

P2PE Consulting Services

What atsec offers
atsec China offers a full range of consulting services to support your solution, component and/or application in achieving compliance with the PCI P2PE. Our consultants have detailed and expert experience in each of the six requirement domains shown below, and can provide guidance and support on the technical implementation, help you develop policies and procedures, and also assess your compliance with the standard.

  • Domain 1: Encryption Device and Application Management
  • Domain 2: Application Security
  • Domain 3: P2PE Solution Management
  • Domain 4: Decryption Environment
  • Domain 5: P2PE Cryptographic Key Operations and Device Management
  • Appendix A: Merchant-Managed Solutions: Separation between Merchant Encryption and Decryption Environments

Why our services are important to you
atsec has the experience and knowledge of cryptographic techniques (including FIPS 140-2, cryptographic algorithms, key management, and key lifecycle), modern, secure embedded systems hardware and software architectures, attack methodologies through exploitation of logical vulnerabilities, application penetration testing methodologies, HSM operations, policies and procedures. atsec’s consultants can help you to achieve the P2PE compliance, and improve the overall security for your solutions, components and/or applications.

For more information
More information about atsec PCI services and our public resources can be found at http://www.atsec.com and at the PCI SSC website at https://www.pcisecuritystandards.org.

For more information about this service, please contact us at info_cn@atsec.com.