PCI PIN: Replace Your Assessor after Two Assessment Cycles

6. October 2022

As the successor to the VISA PIN Security Requirements valid until 2019, the PCI PIN Security Standard PCI PIN Security Standard includes security requirements for the protection of Personal Identification Numbers (PINs), which are used to confirm the identity of a credit card holder during the payment process.

The requirements are aimed at secure management, processing, and transmission of PINs in online and offline transactions at ATMs as well as at supervised and unsupervised payment terminals (e.g., ticket vending machines) and must be met by all organizations that accept or process transactions from ATMs or point-of-sale terminals on the acquiring side. The standard is thus aimed in particular at banks, payment providers and network operators.

To successfully demonstrate PCI PIN compliance, affected companies are required to have an audit performed by an accredited Qualified PIN Assessor (QPA) every two years. During such an audit, certified and specially trained assessors identify deviations from the standard in the company by means of interviews, document reviews and technical tests.

Important: Companies subject to certification must change their PIN assessor regularly

In its VISA PIN Security Program Guide, VISA formulates some basic requirements for PIN security. These include the rule that companies subject to certification must replace their QPA Company after two consecutive assessment cycles at the latest. This practice is intended to help ensure that security assessments are conducted objectively and thoroughly on a permanent basis.

How can we help?

usd AG is officially accredited by the PCI SSC as a Qualified PIN Assessor. We are also happy to offer you combined audits in conjunction with other PCI standards (for example P2PE). Contact us - we will support you with your PCI certification project.

Also interesting:

PHOENIX group establishes Europe-wide ISMS with support from usd AG

PHOENIX group establishes Europe-wide ISMS with support from usd AG

Particularly in high-growth industries with increasing internationalisation, such as the pharmaceutical industry, corporations today face the challenge of setting up their information security governance in such a way that it meets the associated risks and challenges....

Security Scan and Pentest: What are the Differences?  

Security Scan and Pentest: What are the Differences?  

A proactive protection against hacker attacks is essential, especially for systems and applications that are accessible from the Internet. A penetration test, or pentest for short, and security scan are frequently requested IT security analyses in this context,...

Security Advisories for Jellyfin

Security Advisories for Jellyfin

The usd HeroLab analysts examined the multimedia application Jellyfin while conducting their security analyses. Two cross-site scripting vulnerabilities were identified that allowed a simple user account to take over higher-privileged accounts, such as an...

Categories

Categories