Frequently Asked Question

Is a "P2PE Assessor" required for a merchant's PCI DSS assessment if the merchant uses a Council-listed P2PE solution?

No, merchants using PCI-listed P2PE solutions are not required to engage a P2PE assessor [that is, a P2PE Assessor or P2PE Application Assessor] for their PCI DSS assessments. 
 
Merchants should contact their acquirer (merchant bank) or payment brand(s) directly to understand their PCI DSS validation requirements. See FAQ 1142 How do I contact the payment card brands? for information regarding contacting the payment brands. 
 
Merchants wishing to engage a QSA for their PCI DSS review can find a list of QSAs on the PCI SSC web site -  https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php

May 2024
Article Number: 1163

Featured FAQ Articles