PCI PIN: Replace Your Assessor after Two Assessment Cycles

6. October 2022

As the successor to the VISA PIN Security Requirements valid until 2019, the PCI PIN Security Standard PCI PIN Security Standard includes security requirements for the protection of Personal Identification Numbers (PINs), which are used to confirm the identity of a credit card holder during the payment process.

The requirements are aimed at secure management, processing, and transmission of PINs in online and offline transactions at ATMs as well as at supervised and unsupervised payment terminals (e.g., ticket vending machines) and must be met by all organizations that accept or process transactions from ATMs or point-of-sale terminals on the acquiring side. The standard is thus aimed in particular at banks, payment providers and network operators.

To successfully demonstrate PCI PIN compliance, affected companies are required to have an audit performed by an accredited Qualified PIN Assessor (QPA) every two years. During such an audit, certified and specially trained assessors identify deviations from the standard in the company by means of interviews, document reviews and technical tests.

Important: Companies subject to certification must change their PIN assessor regularly

In its VISA PIN Security Program Guide, VISA formulates some basic requirements for PIN security. These include the rule that companies subject to certification must replace their QPA Company after two consecutive assessment cycles at the latest. This practice is intended to help ensure that security assessments are conducted objectively and thoroughly on a permanent basis.

How can we help?

usd AG is officially accredited by the PCI SSC as a Qualified PIN Assessor. We are also happy to offer you combined audits in conjunction with other PCI standards (for example P2PE). Contact us - we will support you with your PCI certification project.

Also interesting:

Setting off for DORA – Your Preparation in 3 Steps

Setting off for DORA – Your Preparation in 3 Steps

DORA, the Digital Operational Resilience Act, is currently keeping the entire European financial sector on tenterhooks. The European Commission's regulation is accompanied by extensive requirements for digital resilience and there is less than a year left to implement...

What Cyber Security Has to Do with Your Annual Financial Statements

What Cyber Security Has to Do with Your Annual Financial Statements

Inadequate cyber security is one of the biggest risks for companies today. This is the assessment of the World Economic Forum, which ranks cyber insecurity as the fourth biggest risk for the next two years in its Global Risks Report 2024. That is why cyber security...

Cloud Provider plusserver Certified According to PCI DSS v4.0

Cloud Provider plusserver Certified According to PCI DSS v4.0

At the beginning of 2024, the leading German cloud provider plusserver was certified by usd AG according to the globally mandatory PCI DSS v4.0 credit card security standard. With its cloud platforms, plusserver provides its customers with a data-sovereign and...

Categories

Categories