View
213
Download
0
Category
Preview:
Citation preview
7/24/2019 PCI Announcements 12915
1/3
Risk Management | PIN Security 29 January 2015
PCI PIN Security Requirements UpdatedAP, Canada, CEMEA, LAC, U.S.|Acquirers, Issuers, Processors, Merchants, Agents
To enhance validation methods and improve consistency with compliance assessments, the Payment Card
Industry Security Standards Council (PCI SSC), which manages security standards for the payment card industry,
has published version 2.0 of thePCI PIN Security Requirements.The new requirements were published and
became effective December 2014.
PCI PIN Security Requirements Updates
The PCI SSC updates provide a complete set of requirements for the secure management, processing and
transmission of PIN data during online and offline payment card transaction processing at ATMs and point-of-sale
(POS) terminals. This latest version is designed to:
Improve acquirer and agent understanding of PCI PIN Security Requirements
Provide detailed testing procedures to ease compliance testing and ensure consistent validation methods
Enhance requirements for deployed points-of-interaction (POI) devices
Improve organization of the Remote Key Distribution Using Asymmetric Techniques Operations and the
Certification and Registration Authority Operations requirements
Compliance Effective Dates
Until 30 June 2015, organizations may perform their 2015 PIN security assessments to validate PIN compliance
using version 1.0 or version 2.0 of the PCI PIN Security Requirements. Effective 1 July 2015, all PIN security
compliance assessments must be started according to version 2.0.
Visa reminds clients and acquiring third party agents that process or handle PIN data or perform cryptographic
key management activities that they must comply with the PCI PIN Security Requirements and adhere to all
applicable Visa Core Rules and Visa Product and Service Rules(ID#:0027086), Plus System, Inc. Operating
Regulationsand Interlink Network, Inc. By-Laws and Operating Regulationspertaining to PIN security.
Visa PIN Security Program Requirements1
As communicated in the 11 December 2014 edition of the Visa Business News, organizations identified as Visa PIN
Security Program Participants must perform their onsite security assessment by their respective validation
deadlines but no later than 31 December 2015.
All other organizations that process PIN data must comply with the PCI PIN Security requirements but are not
required to perform an onsite assessment using a Visa Approved PIN Security Assessor. Visa recommends these
https://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttps://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttps://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttps://vpc.visaonline.com/vpc/Search.aspx?keyword=MjcwODY=https://vpc.visaonline.com/vpc/Search.aspx?keyword=MjcwODY=https://vpc.visaonline.com/vpc/Search.aspx?keyword=MjcwODY=https://vpc.visaonline.com/vpc/Search.aspx?keyword=MjcwODY=https://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdf7/24/2019 PCI Announcements 12915
2/3
organizations verify their compliance by performing a self-audit, either with forms available from the Visa PIN
website or by using an internal or external auditor to conduct an onsite review. Organizations must retain results
from the self-audit or company-initiated onsite review as evidence of compliance. Visa reserves the right to
request evidence of PIN compliance at any time.
Visit theVisa PIN Securitywebsite for more information on validation deadlines or contact your regional Visa PIN
Risk Representative.
1These PIN program compliance validation requirements are applicable to Visa Inc. regions only. As a separate company, Visa Europe maintains its own
rules. Specific compliance validation deadlines and non-compliance assessments do not apply to Visa Europe clients or their sponsored agents.
Documents & Publications
PCI Security Standards Council Updates PCI PIN Security Requirements, 18 December 2014
Reminder: PCI PIN Security Compliance Assessments to Be Completed by Validation Deadlines, Visa Business
News, 11 December 2014
Changes to PIN Security Program Announced, Visa Business News, 17 October 2013
Visa PIN Security Program Modifications Frequently Asked Questions
The following documents are available at thePCI Standards & Documents Libraryunder the PTS tab:
PIN Security Requirements, version 2.0
PIN Security Requirements Modifications: Summary of Changes versions 1.0 to 2.0
Online Resources
Visit theVisa PIN Securityweb page
For information on PCI PIN Security Requirements, email the PCI SSC atpcipts@pcisecuritystandards.org
For more information on the Visa PIN Security Program, PIN participant status or validation deadlines, email
your regional Visa PIN Risk representative:
AP and CEMEA:pinsec@visa.com
Canada and U.S.:pinna@visa.com
LAC:pinlac@visa.com
Global:pin@visa.com
http://www.visa.com/pinsecurityhttp://www.visa.com/pinsecurityhttp://www.visa.com/pinsecurityhttps://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttps://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttps://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttps://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvNTMyZWNjZjMtNTdkOC00MzY1LTkyNzgtMWQyOWVlYTMxMTYxLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvNTMyZWNjZjMtNTdkOC00MzY1LTkyNzgtMWQyOWVlYTMxMTYxLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvNTMyZWNjZjMtNTdkOC00MzY1LTkyNzgtMWQyOWVlYTMxMTYxLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvMzJiMjAyZWQtMGI2MS00MDEyLWI3YTgtM2Q3MjEwZTkzZjZkLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvMzJiMjAyZWQtMGI2MS00MDEyLWI3YTgtM2Q3MjEwZTkzZjZkLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvMzJiMjAyZWQtMGI2MS00MDEyLWI3YTgtM2Q3MjEwZTkzZjZkLW1hbmlmZXN0LnhtbA==https://volnet.visaonline.com/pubcntr/mldocumentview.aspx?id=L2NvbnRlbnQvOGM2NTY2YjgtOWYyYi00OTgzLTk1NDgtNTMzYTgzM2M1ZDFkLW1hbmlmZXN0LnhtbA==https://volnet.visaonline.com/pubcntr/mldocumentview.aspx?id=L2NvbnRlbnQvOGM2NTY2YjgtOWYyYi00OTgzLTk1NDgtNTMzYTgzM2M1ZDFkLW1hbmlmZXN0LnhtbA==https://www.pcisecuritystandards.org/security_standards/documents.phphttps://www.pcisecuritystandards.org/security_standards/documents.phphttps://www.pcisecuritystandards.org/security_standards/documents.phphttp://www.visa.com/pinsecurityhttp://www.visa.com/pinsecurityhttp://www.visa.com/pinsecuritymailto:pcipts@pcisecuritystandards.orgmailto:pcipts@pcisecuritystandards.orgmailto:pcipts@pcisecuritystandards.orgmailto:pinsec@visa.commailto:pinsec@visa.commailto:pinna@visa.commailto:pinna@visa.commailto:pinlac@visa.commailto:pinlac@visa.commailto:pin@visa.commailto:pin@visa.commailto:pin@visa.commailto:pinlac@visa.commailto:pinna@visa.commailto:pinsec@visa.commailto:pcipts@pcisecuritystandards.orghttp://www.visa.com/pinsecurityhttps://www.pcisecuritystandards.org/security_standards/documents.phphttps://volnet.visaonline.com/pubcntr/mldocumentview.aspx?id=L2NvbnRlbnQvOGM2NTY2YjgtOWYyYi00OTgzLTk1NDgtNTMzYTgzM2M1ZDFkLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvMzJiMjAyZWQtMGI2MS00MDEyLWI3YTgtM2Q3MjEwZTkzZjZkLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvNTMyZWNjZjMtNTdkOC00MzY1LTkyNzgtMWQyOWVlYTMxMTYxLW1hbmlmZXN0LnhtbA==https://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttp://www.visa.com/pinsecurity7/24/2019 PCI Announcements 12915
3/3
Control Solutions, Inc.| 5775 Soundview Drive, Suite 101E, Gig Harbor, WA 98335 | T: 1-800-852-3282| F: 1-253-858-2802 | www.posdata.com
ExpertTechnical Support
40+ Years of Experience
Our experts have been serving industry channel memberssince 1973. Identifying better technologies
and systems to processpaymentsis our expertise, and over the years we have built a solid network of
hardware manufacturersto provide the most advanced payment point of salesolutions available.
Ourexperts arealways available to suggest products and solutions for your needs. We stay up to date
on PCI compliance and payment security strategies and keep you aprised of important information.
OutstandingAccess to Top Manufacturers
POSDATAmaintains strong strategic partnerships with the leading manufacturers in payment
technologies. We pride ourselves on knowing every detail about the latest products on the market and
passing this information along to the channel.
Responsive Customer Service
Every phone call and email is responded to promptly, completely and accurately by our customer
service
Lifelong Product Support
Our Life Cycle Services provide lifelong support of paymenttechnologies after initial installation,
including product repair, mobile device management, warrantymanagement, product refreshes, and e-
waste recycling. With our advance exchange program, we keep replacement supplies in stock and
immediately send them outto minimize system downtime.
Complete Deployment Services
We specialize in custom sytem setups including configuration, custom screensand software loading.
We provide product imaging, inspection, asset tagging, custom packaging and shippingservices to
ensure your technologies arrive ready for operation right out of the box. Additionally, we can assist our
channel partners with installation and training.
Who We Are
POSDATA is a value addeddistributor of electronic paymenttechnologies, with a focus on providing
solutions and expertise to resellersin the channel.We are experts in key encryption and payment
security andprovidea complete portfolioof services to aid in the configuration,encryption, deployment,
installation, repairand management of payment technologies.
Control Solutions, Inc.
7625 National Turnpike
Unit 100
Louisville, KY 40214
1-800-426-4004
Fax: 1-502-368-7657
www.posdata.com
About POSDATA Partners
Why Choose POSDATA?
Systems Engineering
We provide the engineering expertise to assist channel partners withtheintegration of payment
terminalsinto existing system infrastructures.
Contact us for product / servicerecommendations& to place an
ordersales@posdata.com | 1-800-426-4004
POSDATA is a
registered tradema
Control Solutions,
Trade Memb
Recommended