Point-to-Point Encryption

Try as they might, many enterprise organizations still struggle with cardholder data moving across their networks and with building an infrastructure that reduces the scope of their PCI compliance. Point-to-point encryption (P2PE), also known as end-to-end encryption (E2EE), can accomplish this to a certain extent, but many solutions only reduce your PCI scope rather than eliminate it. Coalfire can help you navigate the evolving PCI standards and keep your customer card data secure while your organization maintains compliance.

Choosing the Best in the Industry

There are two types of certified P2PE Qualified Security Assessment companies:

  • Organizations that are certified to perform QSA-P2PE assessments
  • Organizations that are qualified to perform Payment Application P2PE Assessments

In some instances, organizations are qualified to perform both P2PE assessment types. Coalfire is one such company. We have more P2PE assessors than any other QSA firm, but we’re not just the biggest: Coalfire’s consultants have the most experience in helping merchants reduce the scope of their environment using P2PE solutions. Coalfire has been and continues to be an active member in the PCI SSC’s P2PE task force and continues to provide input into developing the standard. Coalfire has also worked with more P2PE vendors and acquiring banks over the last two years than any other QSA company.

Who We Can Help

Payments Service Providers (processors, acquirers, POS developers)
You can become listed as a P2PE Solution Provider either in conjunction with your existing Report on Compliance (ROC) or as a separate assessment.

  • Dramatically ease your merchants’ PCI DSS validation burden
  • Consolidate PCI compliance costs with your existing ROC
  • Reduce risk of data compromise for merchant population

Application Vendors
If you produce an application that runs on a POI utilizing P2PE, there are P2PE opportunities and requirements for you as well, regardless of whether or not the application has access to account data.

  • Get your application listed separately or in combination with a Service Provider P2PE solution
  • Utilize a P2PE solution that provides transaction details without bringing a POS into scope for a merchant, while still providing functionality beyond payment transactions


  • Reduce risk of cardholder data compromise
  • Reduce PCI scope of validation
  • Reduce PCI compliance-related costs