PCI PIN: Replace Your Assessor after Two Assessment Cycles

6. October 2022

As the successor to the VISA PIN Security Requirements valid until 2019, the PCI PIN Security Standard PCI PIN Security Standard includes security requirements for the protection of Personal Identification Numbers (PINs), which are used to confirm the identity of a credit card holder during the payment process.

The requirements are aimed at secure management, processing, and transmission of PINs in online and offline transactions at ATMs as well as at supervised and unsupervised payment terminals (e.g., ticket vending machines) and must be met by all organizations that accept or process transactions from ATMs or point-of-sale terminals on the acquiring side. The standard is thus aimed in particular at banks, payment providers and network operators.

To successfully demonstrate PCI PIN compliance, affected companies are required to have an audit performed by an accredited Qualified PIN Assessor (QPA) every two years. During such an audit, certified and specially trained assessors identify deviations from the standard in the company by means of interviews, document reviews and technical tests.

Important: Companies subject to certification must change their PIN assessor regularly

In its VISA PIN Security Program Guide, VISA formulates some basic requirements for PIN security. These include the rule that companies subject to certification must replace their QPA Company after two consecutive assessment cycles at the latest. This practice is intended to help ensure that security assessments are conducted objectively and thoroughly on a permanent basis.

How can we help?

usd AG is officially accredited by the PCI SSC as a Qualified PIN Assessor. We are also happy to offer you combined audits in conjunction with other PCI standards (for example P2PE). Contact us - we will support you with your PCI certification project.

Also interesting:

SWIFT CSCFv2025 - The Three Most Important Questions About the Update

SWIFT CSCFv2025 - The Three Most Important Questions About the Update

Users of the SWIFT network are required to demonstrate compliance with the mandatory security controls through an annual independent audit in accordance with the Customer Security Control Framework (CSCF). As part of this SWIFT Assessment, the security of an...

From Unicode to Exploit: The Security Risks of Overlong UTF-8 Encodings

From Unicode to Exploit: The Security Risks of Overlong UTF-8 Encodings

In the dynamic field of cybersecurity, it is often the obscure and long-forgotten vulnerabilities that pose a hidden threat to otherwise hardened systems. One such vulnerability lies in invalid character encodings that violate the UTF-8 standard. While overlong UTF-8...

Categories

Categories