P2PE Support Guide Overview

This article provides a comprehensive reference for working with CSG Forte’s PCI-validated Point-to-Point Encryption (P2PE) solution. It is designed to support partners, clients, and internal teams in managing every step of the P2PE lifecycle—from ordering and configuring terminals to maintaining compliance and handling incidents.

The main objective of this guide is to ensure that all P2PE-related processes are executed securely, consistently, and in alignment with PCI standards. By following the documented procedures, organizations can minimize risks, protect cardholder data, and maintain compliance with regulatory requirements.

What You’ll Find in This Guide

1. P2PE Solution and Data Flows

   • Understanding P2PE Solution Providers

   • P2PE Terminal Order Flow

   • Cardholder Data Flow (must remain current and accurate)

   • Solution Flow (must remain current and accurate)

2. P2PE Assessments and Documentation

   • P2PE Assessment

   • P2PE Instruction Manual

   • Validated P2PE Configurations (reviewed annually by Product Group)

3. Ordering, Returns, and Replacements

   • Terminal Order Process

   • P2PE Order Field Descriptions

   • P2PE Returns and Replacements

   • Updating Terminal State for RMA

4. Bluefin P2PE Manager Setup

   • Ensuring Hierarchy and User Setup

   • Setting up a New Partner, Client, or Location

   • Changing Terminal Position in the Hierarchy

   • Creating Users in P2PE Manager

5. Terminal Setup and Configuration

   • Terminal VHQ Setup Process (Forte Tech Support)

   • Terminal Setup/Install (CDE)

   • Verifying a Terminal Has P2PE Enabled

   • Employee Access to the VHQ Portal (reviewed annually)

6. Reporting, Monitoring, and Compliance

   • Reporting and Monitoring the P2PE Decryption Environment

   • Verifone Smart Card Handling

   • Smart Card/Laptop Check-out Log

7. Application Management and Security

   • Updates to V400c P2PE Applications

   • Application Signing Log

   • File Signing Process and Uploading to VHQ

   • Creating/Adding Updated Instances of the Forte Application

   • Pointing Reference Sets to New Instances

   • Software Reversion and Critical Security Update Procedures

   • Forte Application Deployment

8. Change Management and Incident Response

   • Partner Usage of CSG Forte’s P2PE Solution

   • Changes to the P2PE Solution

   • Handling Suspicious Activity

   • Incident Response Procedure

   • P2PE Control Failures

   • Escalations

This structured support article is intended to serve as a single source of truth for all P2PE-related processes, ensuring accuracy, security, and compliance at every stage.