Chris Jennings

Product Update - PCI Validated P2PE on Express

Blog Post created by Chris Jennings on Jan 2, 2018

Vantiv Integrated Payment's customers and partners have relied on our solutions to help mitigate security vulnerabilities in part by offering PA-DSS validated payment solutions, PCI scope reducing technology such as tokenization, point-to-point encryption and triPOS. It is our commitment to you to maintain the highest level of security when payment card data is accepted at a business or through a partners' application.

 

In March of 2017, Vantiv’s PCI 1.0 P2PE validation lapsed. We did this based on a business decision to re-validate under the new 2.0 guidelines, enabling greater flexibility to both our partners and customers. Currently, we are working through the PCI 2.0 P2PE validation process for Express (and our semi-integrated solution triPOS) with hardware manufactures IDTech and Verifone. Below is a timeline for each validated solution.

 

 

Express validation: (IDTech SecuRED and SREDKey)

Vantiv received its first 2.0 P2PE validation on December 19, 2017 for IDTech equipment SREDKey and SecuRED. We have requested the PCI council add Vantiv to the P2PE website and it can be viewed here.

 

Verifone Mx series validation:

Two items are needed to complete the process of adding the Verifone Mx series to the Vantiv P2PE validation.

 

  • One is for Verifone to complete their PCI SSC Portal P2PE application AQM review, which was completed on November 7th, 2017.
  • Second is to complete the paperwork on the Vantiv PCI P2PE 2.0 validation. The official work is planned to start in December 2017. The expected timeframe for completion is 10 - 12 weeks if all goes to plan, which puts the final Vantiv PCI P2PE Validation with the Verifone Mx series complete in late Q1.

 

What happens with P2PE 1.0 validated hardware?

Anything that was distributed under PCI P2PE 1.0 validation (IDTech SecuRED, SREDKey and Verifone Mx915, Mx925) may be qualified to validate under P2PE 2.0. Additionally, any new Mx915 or Mx925 units currently being distributed following the P2PE distribution methods will also be allowed to validate under P2PE 2.0.

 

Both of these scenarios mentioned above are on the condition that the merchant is still following the P2PE Instruction Manual (PIM).

 

How do merchants pre order 2.0 P2PE hardware?

Vantiv works with two 2.0 P2PE certified hardware distributors, The Phoenix Group and POS Portal. As mentioned above, if the equipment is ordered following the 1.0 or 2.0 P2PE distribution methods and the merchant follows the 2.0 PIM guidelines, merchants may PCI validate using the P2PE SAQ.

 

It is important that a merchant POS application supports a direct integration to Express or utilizes triPOS Direct 5.13.0 or greater (formerly know as triPOS Distributed). triPOS Cloud is also in development to support 2.0 P2PE validated Verifone Mx 915 and Mx 925 (merchants should consult with their technology provider before ordering equipment).

To order equipment from either POS Portal or The Phoenix group, follow the instructions below:

 

 

 

 

 

 

 

* Due to inherent variables in launching a new product, notwithstanding anything to the contrary above, no commitment or guaranty, express or implied, is made as to the launch, timing, availability or functionality of the 2.0 P2PE PCI validated encryption or the required terms and conditions of its use.  Furthermore, Vantiv may from time to time, without notice, obligation or liability, modify, expand, restrict or suspend any of its product and service offerings.

Outcomes