A Merchant Guide for Deploying and Maintaining the FreedomPay® P2PE Scope-Reduction Solution
Security is a never-ending race. With the FreedomPay® Point-to-Point Encryption (P2PE) Scope-Reduction Solution, your organization can remain a step ahead. The FreedomPay P2PE Solution is North America’s first fully functional P2PE payment technology validated by the PCI Security Standards Council (PCI SSC). According to the PCI SSC, when correctly implemented, a validated P2PE solution may simplify a merchant’s PCI compliance program by eliminating clear-text cardholder data from the merchant’s environment and reducing the scope of PCI DSS requirements.
Validated P2PE solutions reduce PCI DSS compliance scope by eliminating clear-text cardholder data from the merchant’s environment or, if the merchant also operates other payment channels, by isolating the P2PE environment from clear-text cardholder data. As with any successful solution, planning, implementation, maintenance, and periodic reviews are important requirements and processes to maximize the associated benefits.
Note: Scope reduction is dependent upon correct implementation of a validated P2PE solution and neither PCI nor FreedomPay guaranty that implementation of a validated P2PE solution will yield an out of scope process for purposes of PCI DSS compliance. Rather, as noted by PCI SSC, any discussions about scope reduction should be held between the individual organization and its acquirer, payment brand or quality security assessor.
This manual is provided solely for informational purposes and use as a program implementation guideline for PCI DSS scope reduction. This manual is based on PCI DSS guidelines in effect as of the date of this manual. Nothing in this manual is or may be construed as a representation or warranty of any nature whatsoever and Freedom Pay, Inc. disclaims liability for any errors or omissions in this document. FreedomPay does not validate or warrant merchant compliance with PCI DSS or merchant eligibility for any validation or other accreditation standards. Review or approval by FreedomPay of merchant systems or processes does not constitute a representation or warranty by FreedomPay of merchant system effectiveness or suitability and shall not be deemed to transfer risk or liability to FreedomPay. The use of any POI device other than a FreedomPay supplied POI device is at merchant’s sole risk and FreedomPay has no duty to inspect data transmitted by merchant for unencrypted cardholder data introduced by the use of POI devices not supplied by FreedomPay. Data processing by FreedomPay does not constitute a warranty that merchant is within the scope of the FreedomPay P2PE Solution. EXCEPT AS SET FORTH IN ITS WRITTEN CONTRACTOR WITH THE MERCHANT, FREEDOMPAY MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR OTHERWISE AND SHALL HAVE NO LIABILITY FOR ANY LOSSES DAMAGES ARISING IN CONNECTION WITH THIS PIM, WHETHER DIRECT, INDIRECT, GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL.