Are You PCI SAQ P2PE Eligible?

It’s time to take the guesswork out of what you need to submit every year to your acquirer.

Even when your environment is 100% Point-to-Point Encryption (P2PE), you’re still responsible for assessing your PCI in-scope environment.

Every.

Single.

Year.

We’ve made it easier for you to complete your SAQ P2PE, but first, let’s make sure this is the right SAQ for you.

PCI SAQ P2PE Eligibility Requirements

  • All payment processing is via a validated PCI-listed P2PE solution
  • The only systems in the merchant environment that store, process, or transmit account data are the payment terminals from a validated PCI-listed P2PE solution
  • The merchant does not otherwise receive, transmit, or store account data electronically
  • Any account data the merchant might retain is on paper (for example, printed reports or receipts), and these documents are not received electronically
  • The merchant has implemented all controls in the P2PE Instruction Manual (PIM) provided by the P2PE solution provider

If you’ve answered yes to the above bullets, you’re eligible for the SAQ P2PE.

**If you’re a Level 1 Merchant, please consult with your QSA and/or acquirer. Level 1 merchants MUST go through an annual Report on Compliance. However, if you’re 100% P2PE, you may be able to narrow the scope of your RoC to the requirements in the SAQ P2PE.

Our SAQ P2PE Bundle Takes The Guesswork Out of the PCI Equation

Imagine being able to rinse and repeat your annual PCI DSS assessment.

What’s that worth to you?

Our SAQ P2PE bundle includes the following:

  • A summary checklist of all the documentation you need to collect and assess for requirements 3, 9, and 12
  • A checklist of the evidence you need to collect and assess for requirements 3, 9, and 12
  • A checklist of any interviews and observations you need to conduct for requirements 3, 9, and 12
  • A breakdown of each requirement area that must be in place for a successful SAQ P2PE assessment
  • Info Sec Policy checklist
  • Security awareness and POI device training that you can download and use
  • List templates to help you fill out the executive summary portion of the SAQ P2PE
  • Third Party Service Provider checklist
  • Incident Response Plan checklist
  • Assessment worksheets where you can note any gaps or remediation required for compliance
  • Bonus!! Sample deck for a PCI Compliance Assessment Kick-Off Meeting!

We could offer this bundle for $1,000 or even $2,000 but we’re not. Right now you can grab this bundle for less than $450.

Ready?

 

Firewalls and Routers: How to Take Control of Unruly Firewall Rules, Configurations and Network Connections

Best Practice: Developers and system administrators request changes to firewall rule sets all the time. Whether the goal is to work on system components or to test them, these changes can make a mess of your rule sets. It’s easy for someone to unintentionally request an “any” rule, which is prohibited in the cardholder data environment. Our best advice is to insert your ISA or someone on the compliance team into the firewall rule change review.

5 PCI Compliance Headaches You Can Live Without

If PCI Compliance were easy, every organization would be doing it, right?

But it’s not.

The sad statistic from the most recent Verizon Payment Security Report is that 57% of all merchants fail to sustain PCI DSS Compliance.

Why?

There are so many reasons. Where do we start?

Let’s start with the 5 PCI Compliance headaches everyone can live without.
