Your Certification against PCI PIN – What You Need to Know

17. September 2019

Attacks on unsecured or outdated payment terminals have been increasing lately. Therefore, it is more important than ever to secure electronic transactions and protect credit card data and PINs with effective security measures. The PCI Security Standards Council (PCI SSC) has therefore published the PCI PIN Standard Version 3.0 this year.

We have summarized the essential points for you:

What is the objective of the standard?

The PCI PIN Standard includes security requirements to protect Personal Identification Numbers (PINs), which confirm the identity of a credit card holder during the payment process. The requirements are aimed at the secure administration, processing and transmission of PINs in online and offline transactions at ATMs and at attended and unattended payment terminals (e.g. ticket vending machines).

To whom does it apply?

The requirements of the PCI PIN standard must be met by all organizations that accept or process transactions from ATMs or point-of-sale terminals on the acquiring side. This applies in particular to banks, payment providers and network operators.

When will it become mandatory?

The PCI PIN Standard will replace the previously valid VISA PIN Security Requirements as of October 1, 2019. Certification by a Visa approved PIN Security Assessor will then no longer be viable.

How do you validate compliance?

As of October 1, 2019, affected organizations are required to have an annual onsite assessment conducted by a Qualified PIN Assessor (QPA) in order to successfully prove PCI PIN compliance. For this purpose, certified Qualified PIN Assessors carry out an assessment at your premises. They identify deviations from the standard through interviews with your employees, document reviews and technical tests.

How can we help you?

usd AG has been accredited by the PCI Council as a Qualified PIN Assessor (QPA) as one of the first companies in Europe. We are therefore qualified to assess and certify compliance with the PCI PIN Standard.

We also offer combined audits in connection with other PCI standards (such as P2PE). We are happy to advise you on your options.

PAYMENT SECURITY | PAYMENT SECURITY | PCI PIN | PCI ZERTIFIZIERUNG

Also interesting:

What Does “Periodically” Actually Mean? PCI DSS v4.0 Specifies Timeframes

Apr 26, 2024

“Promptly”, “quarterly”, “periodically”: Many PCI DSS requirements demand that measures be implemented within a specified timeframe. While version v3.2.1 of the PCI DSS left some room for interpretation here, version v4.0 contains specific explanations for the first...

Information Security in Third-Party Risk Management: How to Set Up a TPRM Program

Apr 24, 2024

Companies often work with a large number of service providers in order to be able to concentrate on their core business or save costs. For this to succeed, companies must grant their service providers access (digital and analog) to their company assets. This opening...

Break Down Prejudices, Empower Women. We Participate in Girls'Day 2024

Apr 22, 2024

Approximately a quarter of our usd Heroes are female. Even though that is above the average for our industry, we are convinced that there is still room for improvement. That is why we are taking part in Girls'Day again this year. On this day, girls can gain an insight...

Your Certification against PCI PIN – What You Need to Know

Also interesting:

What Does “Periodically” Actually Mean? PCI DSS v4.0 Specifies Timeframes

Information Security in Third-Party Risk Management: How to Set Up a TPRM Program

Categories

Categories

usd AG

News

What Does “Periodically” Actually Mean? PCI DSS v4.0 Specifies Timeframes

Information Security in Third-Party Risk Management: How to Set Up a TPRM Program

Follow Us