In response to a request from the ATM Industry Association, the PCI Council has confirmed that its new ATM security guidelines are intended to be best practices, not standards.
The ATMIA had sought clarity on the point following the council's announcement to participating organizations of an open comment period for the ATM security guidelines.
"ATMIA has received a letter stating that a standard similar to, or derived from, the ATM Security Guidelines is not currently on the PCI roadmap for development, " said Mike Lee, CEO of ATMIA. "This provides a level of comfort for the industry and for ATMIA members since we have been dealing with voluntary ATM security best practices since 2003 and have never contemplated turning them into enforceable global standards."
The PCI Council developed new ATM security guidelines based on requests from merchants, service providers, financial institutions and vendors.
For more on this topic, visit the regulatory issues research center.