PCI Standards Council updates PIN transaction security requirements

By on

Aims to simplify process.

The PCI Standards Council has published the latest version of its PIN Transaction Security (PTS) Point of Interaction (POI) security requirements.

With version 2.0 now out of date, the council claimed that version 3.0 is designed to streamline and simplify testing and implementation, by providing a single set of modular evaluation requirements for all Personal Identification Number (PIN) acceptance POI terminals.

It has moved to simplify the testing process and eliminate overlap of documentation by providing one modular security evaluation program for all terminals and a single reference listing of approved products. This removes the three separate sets of requirements for Point of Sale PIN Entry Devices (PED), Encrypting PIN Pads (EPP) and Unattended Payment Terminals (UPT).

In addition to strengthening and restructuring existing requirements, the latest version also introduces three new modules for evaluation requirements. The first, entitled Open Protocols, applies to Internet Protocol (IP) or to wireless enabled devices. The Secure Reading and Exchange of Data (SRED) module facilitates testing of the secure reading and encryption of cardholder data at the point of entry, and the third module Integration, is designed to address the integration of components in an unattended POS PIN acceptance device.

Bob Russo, general manager of the council, said: “By combining all of the requirements into one program, we have simplified one-stop shopping when it comes to secure devices. This new approach and additional modules make it easier for manufacturers and merchants to make sure that at any point in a transaction, account data is being protected.”

Speaking to Dark Reading, Russo claimed that the introduction was particularly timely as point-of-sale [devices] are the hot spot these days.

He said: “There are breaches out there all the time, such as people boldly walking into stores and adding skimming devices to card readers in the checkout without being noticed. The goal is to simplify the security requirements process for payment equipment vendors and to provide merchants a simpler way to see a listing of PCI-compliant devices.”

See original article on scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
council pci pin requirements security standards transaction updates

Sponsored Whitepapers

10 questions to ask before you select a Network Performance Management tool
10 questions to ask before you select a Network Performance Management tool
Innovate faster. Why accelerating change is a CIO's biggest challenge.
Innovate faster. Why accelerating change is a CIO's biggest challenge.
Unlock faster time-to-revenue using Adobe digital document processes
Unlock faster time-to-revenue using Adobe digital document processes
How Security as Code changes development and deployment for the cloud
How Security as Code changes development and deployment for the cloud
Tackle new ITSM priorities with this seven-step Micro Focus guide
Tackle new ITSM priorities with this seven-step Micro Focus guide

Events

Most Read Articles

AWS cautions gov against rushing in more cyber security regulations

AWS cautions gov against rushing in more cyber security regulations
Telstra 'gamifies' cloud cost reduction efforts among internal teams

Telstra 'gamifies' cloud cost reduction efforts among internal teams
CBA to treat its software like "food in the fridge"

CBA to treat its software like "food in the fridge"
Coles keeps a close watch on its Azure cloud costs

Coles keeps a close watch on its Azure cloud costs

Digital Nation

COVER STORY: Data centre sustainability scrutiny puts emissions in the spotlight
COVER STORY: Data centre sustainability scrutiny puts emissions in the spotlight
Next generation of Digital Giants growing faster than the originals: Ray Wang
Next generation of Digital Giants growing faster than the originals: Ray Wang
Digital leaders master collaboration, reskilling and culture: Didier Bonnet
Digital leaders master collaboration, reskilling and culture: Didier Bonnet
Expect dramatic value chain disruptions every four years: McKinsey Global Institute
Expect dramatic value chain disruptions every four years: McKinsey Global Institute
HR platform consolidation unlocks the value of data at Aurecon
HR platform consolidation unlocks the value of data at Aurecon

Log In

Email:
Password:
  |  Forgot your password?