PCI PIN Security
What is PCI PIN Security?
The PCI (Payment Card Industry) Security Standards Council have defined a complete set of requirements and testing procedures for the secure management, processing, and transmission of personal identification number (PIN) data during online and offline payment card transaction processing at ATMs and attended and unattended point-of-sale (POS) terminals. These PIN Security Requirements are based on the industry standards and provide:
- The minimum security requirements for PIN-based interchange transactions
- The minimum acceptable requirements for securing PINs and encryption keys
- Reasonable assurance to all retail electronic payment system participants adhering to the requirements that the risk cardholder PINs will be compromised is minimized
What does PCI PIN Security compliance look like?
Proper PCI PIN security involves ensuring that a customer’s PIN remains secure and confidential throughout the process of PIN based identification at the point of transaction. The 33 requirements presented in the PCI PIN Security requirements and testing procedures document are organized into seven logically related groups, referred to as “Control Objectives” concerning how PINs are processed both in terms of equipment and methodologies used, including how cryptographic keys used for PIN encryption and decryption are created, transmitted and administered such that unauthorized use can be prevented or detected. These requirements are intended for use by all acquiring institutions and agents responsible for PIN transaction processing on the payment card industry participants’ denominated accounts and should be used in conjunction with applicable industry standards.
How can Pointe Solutions help you with your PCI PIN Security compliance?
As a Qualified PIN Assessor (QPA) company, Pointe Solutions has been approved by the PCI Council to validate an entity’s adherence to the PCI PIN Standard. Our certified PCI PIN Security experts work with you through interviews, documentation review and testing to pull together an accurate picture of your PIN security, identifying and advising on gaps and where and how improvements could be made to achieve compliance and further reduce risk. We are here to support you every step of the way- bringing the comfort of knowing you are doing what you need to achieve and maintain compliance in this challenging area.