Note that all applications with access to clear-text account data must be reviewed
according to Domain 2 and are included in the P2PE solution listing. These
applications may also be optionally included in the PCI P2PE list of Validated P2PE
Applications list at vendor or solution provider discretion.
Application
vendor,
name and
version #
POI device model
name(s) and
number:
POI Device
Hardware &
Firmware
Version #
Is application
PCI listed?
(Y/N)
Does application
have access to
clear-text
account data
(Y/N)
All Clover devices are out of scope for Domain 2 since all cardholder data is encrypted at swipe,
dip, or tap (SRED). No payment card data is ever stored in any application and is only
processed by the firmware of the device.
2.3 POI Inventory & Monitoring
▪ All POI devices must be documented via inventory control and monitoring
procedures, including device status (deployed, awaiting deployment, undergoing
repair or otherwise not in use, or in transit).
▪ This inventory must be performed annually, at a minimum.
▪ Any variances in inventory, including missing or substituted POI devices, must be
reported to Clover Network, Inc.
via the contact information in Section 1.2 above.
▪ Sample inventory table below is for illustrative purposes only. The actual inventory
should be captured and maintained by the merchant in an external document.
Merchants can keep track of all devices using the Clover Web Management Dashboard.
Using the Dashboard, all registered Clover devices will appear in their Devices tab in their
Dashboard. From here, they can regularly manage their inventory and keep track of them.
P2PE Implementation Manual for PCI P2PE v2.0 Clover Network, Inc. April 2018
© 2018 Clover Network, Inc. All Rights Reserved. Page 4
To Next Page
Loading...
Need help?
General
