Are You PCI SAQ P2PE Eligible?

It’s time to take the guesswork out of what you need to submit every year to your acquirer.

Even when your environment is 100% Point-to-Point Encryption (P2PE), you’re still responsible for assessing your PCI in-scope environment.

Every.

Single.

Year.

We’ve made it easier for you to complete your SAQ P2PE, but first, let’s make sure this is the right SAQ for you.

PCI SAQ P2PE Eligibility Requirements

  • All payment processing is via a validated PCI-listed P2PE solution
  • The only systems in the merchant environment that store, process, or transmit account data are the payment terminals from a validated PCI-listed P2PE solution
  • The merchant does not otherwise receive, transmit, or store account data electronically
  • Any account data the merchant might retain is on paper (for example, printed reports or receipts), and these documents are not received electronically
  • The merchant has implemented all controls in the P2PE Instruction Manual (PIM) provided by the P2PE solution provider

If you can answer yes to all of the above bullets, you’re eligible for the SAQ P2PE.

**If you’re a Level 1 Merchant, please consult with your QSA and/or acquirer. Level 1 merchants MUST go through an annual Report on Compliance (RoC). However, if you’re 100% P2PE, you may be able to narrow the scope of your RoC to the requirements in the SAQ P2PE.

Our SAQ P2PE Bundle Takes The Guesswork Out of the PCI Equation

Imagine being able to rinse and repeat your annual PCI DSS assessment.

What’s that worth to you?

Our SAQ P2PE bundle includes the following:

  • A summary checklist of all the documentation you need to collect and assess for requirements 3, 9, and 12
  • A checklist of the evidence you need to collect and assess for requirements 3, 9, and 12
  • A checklist of any interviews and observations you need to conduct for requirements 3, 9, and 12
  • A breakdown of each requirement area that must be in place for a successful SAQ P2PE assessment
  • Info Sec Policy checklist
  • Security awareness and POI device training that you can download and use
  • List templates to help you fill out the executive summary portion of the SAQ P2PE
  • Third Party Service Provider checklist
  • Incident Response Plan checklist
  • Assessment worksheets where you can note any gaps or remediation required for compliance
  • Bonus!! Sample deck for a PCI Compliance Assessment Kick-Off Meeting!

We could offer this bundle for $1,000 or even $2,000 but we’re not. Right now you can grab this bundle for less than $450.

Ready?

Discover more from Payment Card Assessments

Subscribe to get the latest posts sent to your email.

4 Smart Ways To Stop Overcomplicating PCI Compliance

You can do PCI Compliance the Smart Way or the Hard Way. Which way do you choose?

You know that saying, “objects appear bigger in the rearview mirror,” right?

When it comes to PCI Compliance, satisfying the requirements often looks bigger the more you stare at them. And when you look at the requirements in isolation, they often look next to impossible to implement. Your brain (and my brain) wants to overcomplicate what needs to be in place to secure the cardholder data environment.

Maybe you jump immediately to implementing the newest shiny security tool without thinking of how it will impact other in scope systems.

Maybe you leap to more complexity by adding layers of security controls and processes when one solid, repeatable process will do.

Or maybe you bury your head in the sand and sing lalalalalalalalalalala….(honestly, there were days I wish I could’ve done that!)

PCI Compliance doesn’t have to be complicated.

Here are 4 smart ways to stop overcomplicating your PCI Compliance program:

Firewalls and Routers: How to Take Control of Unruly Firewall Rules, Configurations and Network Connections

Best Practice: Developers and system administrators request changes to firewall rule sets all the time. Whether it’s to do work on system components or to test them, these changes can make a mess of your rule sets. It’s so easy for someone to unintentionally request an “any” rule, which is prohibited in the cardholder data environment. Our best advice is to insert your ISA or someone on the compliance team into the firewall rule change review.
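That review step can be partly automated: a pre-check that rejects any proposed rule touching the CDE with an “any” source, destination or service before the ISA signs off. This is an added example, not code from the original post; the rule-change format, the zone tags and the sample rules are constructed assumptions, so map the field names onto your own firewall’s export.

```python
"""Flag "any" rules in proposed firewall changes before they reach the CDE.

Added example (not the post's own). Assumes a constructed, vendor-neutral
rule format: one dict per rule with src, dst, svc and a zone tag.
"""

# Constructed sample change request: the kind of rules developers and
# admins submit when they need access to in-scope systems.
PROPOSED_RULES = [
    {"id": 101, "src": "10.20.5.0/24", "dst": "10.30.1.10", "svc": "tcp/443", "zone": "CDE"},
    {"id": 102, "src": "any", "dst": "10.30.1.10", "svc": "tcp/22", "zone": "CDE"},
    {"id": 103, "src": "10.20.5.12", "dst": "10.30.1.20", "svc": "any", "zone": "CDE"},
    {"id": 104, "src": "any", "dst": "192.168.7.5", "svc": "tcp/80", "zone": "CORP"},
]

CDE_ZONES = {"CDE"}  # assumption: each rule is tagged with the zone it touches
WILDCARDS = {"any", "*", "0.0.0.0/0", "::/0"}  # common spellings of "everything"


def is_wildcard(value: str) -> bool:
    """True when a src/dst/svc field is effectively an 'any'."""
    return value.strip().lower() in WILDCARDS


def review_rules(rules, cde_zones=CDE_ZONES):
    """Return (approved_ids, findings).

    A finding names the CDE rule and the fields left open to 'any'; such a
    rule is rejected so it can be reworked to explicit hosts and ports
    before the change request continues to human review.
    """
    approved, findings = [], []
    for rule in rules:
        if rule["zone"] not in cde_zones:
            approved.append(rule["id"])  # outside the CDE: not this check's concern
            continue
        open_fields = [f for f in ("src", "dst", "svc") if is_wildcard(rule[f])]
        if open_fields:
            findings.append((rule["id"], open_fields))
        else:
            approved.append(rule["id"])
    return approved, findings


if __name__ == "__main__":
    ok, bad = review_rules(PROPOSED_RULES)
    print("approved:", ok)
    for rule_id, fields in bad:
        print(f"REJECT rule {rule_id}: 'any' in {', '.join(fields)} (CDE)")
```

Run it against an export of a pending change ticket; anything in the findings list goes back to the requester before the ISA ever sees it.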
