David Froud is on a roll. Tenable's Jeffrey Man wrote a post regarding point-to-point encryption (P2PE) and it apparently got his juices flowing.
I have discussed P2PE (known to almost everyone else as end-to-end encryption or E2EE) a number of times (see my Post Series References page). Also see my post on What Happens Once Merchants Get Rid Of Cardholder Data to understand how the risks will shift and why the terminal becomes a major attack point once the cardholder data is gone. This is why we need to get to some sort of single-use code for each payment, something today's smartphones can easily handle.
Read the posts and decide. I think you will find that they both make compelling cases for why P2PE certification is a non-starter and is really not needed.