7/24/2019 PCI Announcements 12915

1/3

Risk Management | PIN Security 29 January 2015

PCI PIN Security Requirements UpdatedAP, Canada, CEMEA, LAC, U.S.|Acquirers, Issuers, Processors, Merchants, Agents

To enhance validation methods and improve consistency with compliance assessments, the Payment Card

Industry Security Standards Council (PCI SSC), which manages security standards for the payment card industry,

has published version 2.0 of thePCI PIN Security Requirements.The new requirements were published and

became effective December 2014.

PCI PIN Security Requirements Updates

The PCI SSC updates provide a complete set of requirements for the secure management, processing and

transmission of PIN data during online and offline payment card transaction processing at ATMs and point-of-sale

(POS) terminals. This latest version is designed to:

Improve acquirer and agent understanding of PCI PIN Security Requirements

Provide detailed testing procedures to ease compliance testing and ensure consistent validation methods

Enhance requirements for deployed points-of-interaction (POI) devices

Improve organization of the Remote Key Distribution Using Asymmetric Techniques Operations and the

Certification and Registration Authority Operations requirements

Compliance Effective Dates

Until 30 June 2015, organizations may perform their 2015 PIN security assessments to validate PIN compliance

using version 1.0 or version 2.0 of the PCI PIN Security Requirements. Effective 1 July 2015, all PIN security

compliance assessments must be started according to version 2.0.

Visa reminds clients and acquiring third party agents that process or handle PIN data or perform cryptographic

key management activities that they must comply with the PCI PIN Security Requirements and adhere to all

applicable Visa Core Rules and Visa Product and Service Rules(ID#:0027086), Plus System, Inc. Operating

Regulationsand Interlink Network, Inc. By-Laws and Operating Regulationspertaining to PIN security.

Visa PIN Security Program Requirements1

As communicated in the 11 December 2014 edition of the Visa Business News, organizations identified as Visa PIN

Security Program Participants must perform their onsite security assessment by their respective validation

deadlines but no later than 31 December 2015.

All other organizations that process PIN data must comply with the PCI PIN Security requirements but are not

required to perform an onsite assessment using a Visa Approved PIN Security Assessor. Visa recommends these

https://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttps://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttps://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttps://vpc.visaonline.com/vpc/Search.aspx?keyword=MjcwODY=https://vpc.visaonline.com/vpc/Search.aspx?keyword=MjcwODY=https://vpc.visaonline.com/vpc/Search.aspx?keyword=MjcwODY=https://vpc.visaonline.com/vpc/Search.aspx?keyword=MjcwODY=https://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdf

7/24/2019 PCI Announcements 12915

2/3

organizations verify their compliance by performing a self-audit, either with forms available from the Visa PIN

website or by using an internal or external auditor to conduct an onsite review. Organizations must retain results

from the self-audit or company-initiated onsite review as evidence of compliance. Visa reserves the right to

request evidence of PIN compliance at any time.

Visit theVisa PIN Securitywebsite for more information on validation deadlines or contact your regional Visa PIN

Risk Representative.

1These PIN program compliance validation requirements are applicable to Visa Inc. regions only. As a separate company, Visa Europe maintains its own

rules. Specific compliance validation deadlines and non-compliance assessments do not apply to Visa Europe clients or their sponsored agents.

Documents & Publications

PCI Security Standards Council Updates PCI PIN Security Requirements, 18 December 2014

Reminder: PCI PIN Security Compliance Assessments to Be Completed by Validation Deadlines, Visa Business

News, 11 December 2014

Changes to PIN Security Program Announced, Visa Business News, 17 October 2013

Visa PIN Security Program Modifications Frequently Asked Questions

The following documents are available at thePCI Standards & Documents Libraryunder the PTS tab:

PIN Security Requirements, version 2.0

PIN Security Requirements Modifications: Summary of Changes versions 1.0 to 2.0

Online Resources

Visit theVisa PIN Securityweb page

For information on PCI PIN Security Requirements, email the PCI SSC atpcipts@pcisecuritystandards.org

For more information on the Visa PIN Security Program, PIN participant status or validation deadlines, email

your regional Visa PIN Risk representative:

AP and CEMEA:pinsec@visa.com

Canada and U.S.:pinna@visa.com

LAC:pinlac@visa.com

Global:pin@visa.com

http://www.visa.com/pinsecurityhttp://www.visa.com/pinsecurityhttp://www.visa.com/pinsecurityhttps://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttps://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttps://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttps://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvNTMyZWNjZjMtNTdkOC00MzY1LTkyNzgtMWQyOWVlYTMxMTYxLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvNTMyZWNjZjMtNTdkOC00MzY1LTkyNzgtMWQyOWVlYTMxMTYxLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvNTMyZWNjZjMtNTdkOC00MzY1LTkyNzgtMWQyOWVlYTMxMTYxLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvMzJiMjAyZWQtMGI2MS00MDEyLWI3YTgtM2Q3MjEwZTkzZjZkLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvMzJiMjAyZWQtMGI2MS00MDEyLWI3YTgtM2Q3MjEwZTkzZjZkLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvMzJiMjAyZWQtMGI2MS00MDEyLWI3YTgtM2Q3MjEwZTkzZjZkLW1hbmlmZXN0LnhtbA==https://volnet.visaonline.com/pubcntr/mldocumentview.aspx?id=L2NvbnRlbnQvOGM2NTY2YjgtOWYyYi00OTgzLTk1NDgtNTMzYTgzM2M1ZDFkLW1hbmlmZXN0LnhtbA==https://volnet.visaonline.com/pubcntr/mldocumentview.aspx?id=L2NvbnRlbnQvOGM2NTY2YjgtOWYyYi00OTgzLTk1NDgtNTMzYTgzM2M1ZDFkLW1hbmlmZXN0LnhtbA==https://www.pcisecuritystandards.org/security_standards/documents.phphttps://www.pcisecuritystandards.org/security_standards/documents.phphttps://www.pcisecuritystandards.org/security_standards/documents.phphttp://www.visa.com/pinsecurityhttp://www.visa.com/pinsecurityhttp://www.visa.com/pinsecuritymailto:pcipts@pcisecuritystandards.orgmailto:pcipts@pcisecuritystandards.orgmailto:pcipts@pcisecuritystandards.orgmailto:pinsec@visa.commailto:pinsec@visa.commailto:pinna@visa.commailto:pinna@visa.commailto:pinlac@visa.commailto:pinlac@visa.commailto:pin@visa.commailto:pin@visa.commailto:pin@visa.commailto:pinlac@visa.commailto:pinna@visa.commailto:pinsec@visa.commailto:pcipts@pcisecuritystandards.orghttp://www.visa.com/pinsecurityhttps://www.pcisecuritystandards.org/security_standards/documents.phphttps://volnet.visaonline.com/pubcntr/mldocumentview.aspx?id=L2NvbnRlbnQvOGM2NTY2YjgtOWYyYi00OTgzLTk1NDgtNTMzYTgzM2M1ZDFkLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvMzJiMjAyZWQtMGI2MS00MDEyLWI3YTgtM2Q3MjEwZTkzZjZkLW1hbmlmZXN0LnhtbA==https://vpc.visaonline.com/vpc/mldocumentview.aspx?id=L2NvbnRlbnQvNTMyZWNjZjMtNTdkOC00MzY1LTkyNzgtMWQyOWVlYTMxMTYxLW1hbmlmZXN0LnhtbA==https://www.pcisecuritystandards.org/pdfs/14_12_17_PCI_PIN_Security_Requirements_Final_v2.pdfhttp://www.visa.com/pinsecurity

7/24/2019 PCI Announcements 12915

3/3

Control Solutions, Inc.| 5775 Soundview Drive, Suite 101E, Gig Harbor, WA 98335 | T: 1-800-852-3282| F: 1-253-858-2802 | www.posdata.com

ExpertTechnical Support

40+ Years of Experience

Our experts have been serving industry channel memberssince 1973. Identifying better technologies

and systems to processpaymentsis our expertise, and over the years we have built a solid network of

hardware manufacturersto provide the most advanced payment point of salesolutions available.

Ourexperts arealways available to suggest products and solutions for your needs. We stay up to date

on PCI compliance and payment security strategies and keep you aprised of important information.

OutstandingAccess to Top Manufacturers

POSDATAmaintains strong strategic partnerships with the leading manufacturers in payment

technologies. We pride ourselves on knowing every detail about the latest products on the market and

passing this information along to the channel.

Responsive Customer Service

Every phone call and email is responded to promptly, completely and accurately by our customer

service

Lifelong Product Support

Our Life Cycle Services provide lifelong support of paymenttechnologies after initial installation,

including product repair, mobile device management, warrantymanagement, product refreshes, and e-

waste recycling. With our advance exchange program, we keep replacement supplies in stock and

immediately send them outto minimize system downtime.

Complete Deployment Services

We specialize in custom sytem setups including configuration, custom screensand software loading.

We provide product imaging, inspection, asset tagging, custom packaging and shippingservices to

ensure your technologies arrive ready for operation right out of the box. Additionally, we can assist our

channel partners with installation and training.

Who We Are

POSDATA is a value addeddistributor of electronic paymenttechnologies, with a focus on providing

solutions and expertise to resellersin the channel.We are experts in key encryption and payment

security andprovidea complete portfolioof services to aid in the configuration,encryption, deployment,

installation, repairand management of payment technologies.

Control Solutions, Inc.

7625 National Turnpike

Unit 100

Louisville, KY 40214

1-800-426-4004

Fax: 1-502-368-7657

www.posdata.com

About POSDATA Partners

Why Choose POSDATA?

Systems Engineering

We provide the engineering expertise to assist channel partners withtheintegration of payment

terminalsinto existing system infrastructures.

Contact us for product / servicerecommendations& to place an

ordersales@posdata.com | 1-800-426-4004

POSDATA is a

registered tradema

Control Solutions,

Trade Memb