Using the AWS Payment Cryptography Decryption Component in P2PE solutions

PCI P2PE Solutions can use the AWS Payment Cryptography Decryption Component. This is documented in the PCI Point-to-Point Encryption: Security Requirements and Testing Procedures, Section P2PE Solutions and Use of Third Parties and/or P2PE Component Providers: “A solution provider (or a merchant as a solution provider) can outsource certain P2PE functions to PCI-listed P2PE component providers and report use of the PCI-listed P2PE component(s) in their P2PE Report on Validation (P-ROV)”, which is available on the PCI website.

As with other AWS services and compliance standards, it is your responsibility to use the service securely, configuring access control and using security parameters in alignment with PCI P2PE requirements. The AWS Payment Cryptography P2PE Decryption Component User’s Guide, which is available on AWS Artifact, has detailed instructions for integrating AWS Payment Cryptography with your PCI P2PE Solution and the annual decryption component report, which is required for compliance reporting.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Control Objective 7: Equipment used to process PINs and keys is managed in a secure manner.

Identity and access management