Point-to-Point Encryption

Navigating the future of PCI compliance and payment security

Point-to-Point Encryption (P2PE) is dramatically altering the payments landscape for merchants and service providers. More importantly, it will reduce the risk of theft of your customer’s data and associated business costs. Deployment of a PCI-listed P2PE solution can substantially reduce PCI DSS compliance efforts for merchants as well as card-present and mail/telephone order vendors. But the complexities and costs of the PCI P2PE requirements are frustrating for encryption service providers.

The Non-listed Encryption Solutions Assessment (NESA) was introduced by the PCI SSC to provide a new path for encryption solution providers working toward PCI P2PE validation. NESA helps merchants, acquirers, and card brands evaluate encryption solutions that do not fully meet the PCI P2PE standard. Merchants can use their service provider’s NESA to seek a reduction of their PCI DSS controls and associated costs. But NESA isn’t a straightforward, universal remedy.

Coalfire can help you navigate the PCI P2PE program to help you realize your business, security, and compliance objectives.

Payments Service Providers (Processors, Acquirers, POS Developers)

P2PE is far more than a tactical compliance decision. It can impact your business model, product planning, and go-to-market strategies. Our extensive P2PE services address strategic and tactical needs including:

  • Advisory – Collaborate with experts to make informed business decisions about your strategy and plan for P2PE validation (solution providers) or investment in a P2PE solution (merchants).

  • Preparation – We are more than just assessors: you get to market faster with access to gap and remediation services, documentation reviews, and instruction manual preparation.

  • Assessments – With experience designing and assessing some of the largest and most complicated solutions in the industry, you can trust us to map a plan for P2PE and NESA.

  • Value-Added Consulting – To overcome challenges along your P2PE journey, we offer architecture design, scalability and ROI analysis, integration strategy, and go-to-market whitepapers.

Application Vendors

If your application runs on a point-of-interaction (POI) device utilizing P2PE, regardless of whether it has access to account data, there are P2PE opportunities and requirements as well. Coalfire helps you with:

  • Preparation – Tools and services to accelerate your assessment and facilitate ongoing compliance efforts.

  • Assessments – Experts to identify and execute the best path to market through NESA and P2PE.

  • Value-added Consulting – Workshops and go-to-market support to define and demonstrate how your solution addresses partner and customer compliance requirements.


P2PE can reduce a merchant’s PCI DSS compliance burden by over 70%. Whether migrating to a PCI-listed P2PE or non-listed encryption solution, merchants must plan and implement carefully to maximize their benefits. Coalfire helps merchants with:

  • Preparation – Conduct P2PE correctly. We provide advice on selecting an effective solution, planning for implementation and maintenance programs, and identification of key issues to maximize your compliance benefits.

  • Assessments – We can help verify that the listed or non-listed solution has been properly implemented.

  • Value-Added Consulting – Create the best end-to-end encryption strategy to meet your business constraints and security goals through our team’s unparalleled expertise.

Why Choose Coalfire for Point-to-Point Encryption

Working with Coalfire on P2PE and NESA, you can:

  • Get to market faster with access to the industry’s largest team of P2PE QSAs.

  • Improve your value proposition to end-users with tools and analysis that effectively communicate your solution and role in P2PE and NESA.

  • Address any encryption situation with one of the few organizations certified to validate both P2PE solutions and components (QSA (P2PE)) and P2PE applications (PA-QSA (P2PE)).

  • Trust in the knowledge and expertise of our experts in the five largest terminal device manufacturers.

  • Rely on unparalleled encryption experience developed from designing, assessing, and certifying the largest, most complicated P2PE and payment application solutions in the industry.

In addition, our CoalfireOne℠ platform provides you with the testing, documentation, reporting tools, and QSA support needed for your P2PE assessment. The easy-to-use and secure CoalfireOne platform contains advanced features that make managing your risk and compliance program much easier.
