DHS on PCI
The guidance on what's now being called point-to-point encryption that was recently released by the PCI SSC was actually mentioned in a recent edition of the DHS's Daily Open Source Infrastructure Report. The DHS has a spin on this document that I hadn't seen before. Here's how they describe it:
During the past several years, some vendors have pitched end-to-end encryption as a way to eliminate the need to encrypt or tokenize database data for the purpose of PCI compliance.
I don't think that any vendors have pitched encryption as a way to eliminate the need to encrypt data. Maybe the author of the DHS report just wasn't being clear about what he meant.