Our devices are validated to PCI P2PE version 2.0. They are also PCI PTS (PIN Transaction Security) certified, meaning our devices are Secure Reading and Exchange of Data (SRED) compliant. A PDF file of the implementation guide follows.
Clover P2PE Implementation Guide v5.3
Industry leading security solution
The strength of the Clover P2PE solution comes from its secure processor. All card data is immediately encrypted with TransArmor in the secure processor giving a distinct security advantage over software solutions. Card data never leaves the Clover terminal unencrypted. Encrypted card data is then sent to the TransArmor servers for decryption. Only TransArmor servers have the private keys to decrypt the transaction. TransArmor encryption can never be disabled, turned off, or decrypted on Clover terminals. Clover terminals only trust TransArmor keys for payments and cannot function without this certificate.
TransArmor uses industry-leading RSA 2048 bit keys to encrypt and decrypt card data. Clover terminals authenticate with TransArmor servers through a public-private key hierarchy. See Clover's PCI P2PE solutions.
Reduced PCI DSS scope
Additionally, by going through the validation process, we have reduced the scope of paperwork that you must complete as part of PCI DSS. All merchants that process, maintain, or store card data must show that they comply with the PCI DSS by submitting the PCI Self-Assessment Questionnaire (SAQ). Any merchant using Clover Mobile, Clover Mini, or Clover Flex will have fewer sections to fill out, saving you time, effort, and money in annual required testing and validation.
Good to know
If I currently use a Clover Mobile, Clover Mini, or Clover Flex, do I need to update my device for P2PE?
No action is required. All devices are automatically updated.
What about Clover Go, is it P2PE validated?
Unfortunately, no. It was not included as part of the Clover P2PE validation, but may be added in the future.
What about Clover Station, is it P2PE validated?
No, the 1st generation Clover Station is a magnetic-stripe only device and does not qualify.
If I use the Clover P2PE solution, do I still need to validate PCI DSS?
Yes, as part of your annual validation you still need to comply with all other relevant merchant-related questions. However, P2PE validation simplifies the process by removing sections pertaining to Clover terminals.
Why do I need to still validate annually if Clover is P2PE validated?
The card brands and processors still need to ensure merchants comply with physical security practices such as inspecting devices. However, P2PE validation simplifies the process.
Which Self-Assessment Questionnaire (SAQ) do I need to complete if I only use Clover P2PE?
Each merchant is different depending on what type of terminals and processing you have (such as card present, card not present, or various terminals). Be sure to read the PCI Council Data Security Standard Self-Assessment Questionnaire (SAQ) Instructions and Guidelines document.
Will future Clover devices be included as part of the P2PE solution
Yes, future Clover devices will be included in the P2PE solution.
Please check back for any updates to future Clover terminals for P2PE validation.