News

Networks strive to unify PED standards

July 13, 2004

The ATM industry's latest network requirement is that the PIN-entry devices (PED) on newly purchased ATMs be approved by one of three independent, Visa-designated laboratories - InfoGard in California, T-Systems in Germany or TNO in the Netherlands. Visa's original deadline was July 1, 2004.

However, on June 25 Visa announced that it was deferring the deadline so it could develop a set of aligned testing guidelines and evaluation requirements with MasterCard.

First POS, now ATM

The two companies earlier this year aligned their PED testing requirements for point-of-sale devices, with the aligned program slated to replace their current programs on Oct. 1, 2004.

This story and all the great free content on ATM Marketplace is supported by: ATM Exchange ----------------------------- Advertise on ATM Marketplace.  Click here for details.

Together, the companies developed aligned POS requirements that look to be slightly more stringent than the current Visa requirements, according to the Visa Web site. MasterCard also agreed to grandfather in all POS PEDs approved by Visa before that October date.

John Schettino, vice president of security and risk services for MasterCard International, said the two companies intend to introduce a similarly aligned program for ATMs by early 2005.

The aim is to simplify the overall process for members, Schettino said. "Our intent is to make the testing process as easy as possible. Our goal is to have one process, one test, one result and one certification where possible."

"The fact that Visa and MasterCard are getting on the same page will answer at least some of the previously unanswered questions ATM owners of all sizes have about compliance," said Dave Parlin, president of ATM Exchange, whose 3DES Plus product is currently being tested at the T-Systems lab. The EPP used for 3DES Plus, which is manufactured by Sagem, has already been approved.

In addition to testing with T-Systems, Parlin said ATM Exchange is in the midst of certification efforts for 3DES Plus with several networks and processors.

"The type of testing we are doing and completing with the card associations and regional EFT processors proves that these organizations truly have security and customer savings at the forefront of their thinking," he said.

Vendors involved in the first round of PED testing found the process wasn't perfect, but they seem to believe it will improve. One imperfection of the process is the requirements discrepancies among major network players.

Ernest Chapman, a product manager for Diebold, which has earned approval for the EPP used in its ix, Opteva and CSP 400 models, believes that more common standards would be beneficial.

"As a manufacturer, we're going to meet the industry standards, but it would be helpful if the different regulatory bodies could get together as much as possible on their requirements," Chapman said.

He said Diebold has used the same EPP hardware recently approved by the T-Systems lab in its ATMs for several years. Only some firmware updates were required to bring it into compliance with the Visa standards.

Included In This Story

---