LEARN MORE ABOUT OUR PCI PIN SECURITY SERVICES!
The Standard
The Payment Card Industry PIN Security Standard [PCI PIN] is a comprehensive set of requirements for enhancing the security of PIN data in transactions acquired from cardholders by banks, processors, and ATM/EFTPOS network operators.
The PCI PIN security requirements are for the secure management, processing and transmission of Personal Identification Number [PIN] data during online and offline payment card transaction processing at ATMs, attended and unattended point-of-sale [EFTPOS] terminals. There are 32 requirements that are organized into seven logically related groups, which are referred to as “Control Objectives.” These requirements are intended for use by all acquiring institutions responsible for PIN transaction processing on the payment card industry participants’ denominated accounts and should be used in conjunction with applicable industry standards.
The seven control objectives are:
- PINs used in transactions governed by these requirements are processed using equipment and methodologies that ensure they are kept secure
- Cryptographic keys used for PIN encryption/decryption and related key management are created using processes that ensure that it is not possible to predict any key or determine that certain keys are more probable than other keys
- Keys are conveyed or transmitted in a secure manner
- Key loading to hosts and PIN entry devices is handled in a secure manner
- Keys are used in a manner that prevents or detects their unauthorized usage
- Keys are administered in a secure manner
- Equipment used to process PINs and keys is managed in a secure manner
PCI DSS applies to every bank, processor, or network operator that acquires and processes PIN-based transactions from ATMs or point-of-sale terminals.
Services
With our Security Services for PCI, we provide consultancy and advisory services to assist banks, processors, and network operators in selected countries in achieving compliance with the PCI PIN requirements.