On May 19, the PCI Security Standards Council (PCI SSC) presented its own program for listing PCI PIN-certified service providers. The Council is filling the gap left by the sunset of the Visa PIN program on 1 October 2023. The objective is to strengthen the integrity and security of global payment transactions.
Central Platform for Transparency and Compliance
The new PCI PIN list provides a central and standardized platform for PIN service providers to demonstrate their compliance with the PCI PIN Security Standard. The public listing also allows them to underline their commitment towards secure PIN transactions.
Additionally, the new PIN listing offers service providers a standardized submission process. To be listed, service providers must submit two documents via their Qualified PIN Assessor (QPA) on the council's website:
- the Attestation of Compliance (AoC)
- the Vendor Release Agreement (VRA)
Important Key Facts: Voluntary Service and Fee Structure
Participation in the listing is voluntary. This is one of the key differences to other programs of the Council. Service providers may continue to have their PIN environments validated by a QPA without being officially listed on the PCI SSC website. However, being listed offers a transparent way of making the validation status visible to customers and partners.
There is a fee of 2,500 USD for inclusion in the directory. To incentivize early participation, the Council is reducing this fee to 950 USD for submissions made until 31 December 2025. This is an attractive opportunity to be listed at reduced rates. Entries in the register are valid for two years.
Efficient and Transparent Submission Process
PIN service providers are able to make their certification visible via the PIN Listing Program and use the standardized submission process to do so. The most important features at a glance:
- Central submission portal: All documents are submitted via the PCI SSC portal.
- Standardized review: The PCI SSC reviews all submissions based on the Attestation of Compliance to ensure that all requirements are met.
- Comprehensive public listing: After being successfully reviewed and paying the required fee, the service provider is listed in the Council's public directory.
- Service provider details: The listing includes details of the service provider, the certified PIN standard version, the QPA that performed the assessment, and the certification validity and expiration date.
- Flexible submission procedure: Both the QPA companies and the service providers themselves can submit a PIN listing on the PCI SSC website.
For more information on the PCI PIN Assessment, click here. Do you have any questions or need support with your PCI compliance? Contact us - our experts are happy to help you.
