Industry Security Standards: the Evolution of P2PE by Bernie Clary

Just as the payments industry evolves, so too must the standards that govern it, which is why a version of any given PCI standard, regardless of how comprehensive it seems, will inevitably be updated. Something that makes the PCI SSC stand out from other regulatory bodies, as far as its standards are concerned, is accessibility. The PCI SSC does not exist in a vacuum and relies on input from members of the payments industry to ensure the standards they release are relevant, easily interpreted, and achievable by the merchant base. With the delay of a PCI P2PE version update due to the responses from a recent “Request for Comments” period, one can see just how important this inclusion is to the PCI SSC. As another review period is just around the corner, it will be interesting to see what the revised version 3.0 of the PCI P2PE standard has in store, and how the industry will shape its final iteration.