September 12, 2016
The PCI Council has updated its payment device standard to enable stronger protections for cardholder data and PINs on chip and mag-stripe cards and mobile devices, according to a press release from the council.
Version 5.0 of "PCI PIN Transaction Security Point-of-Interaction Modular Security Requirements" emphasizes more robust security controls for payment devices. The updated standard is designed to prevent physical tampering and the insertion of malware that can compromise card data during payment transactions, the council said. A brief summary of the changes is also available.
"We continue to see innovative skimming devices and new attack methods that put cardholder data at risk for fraud," said Troy Leach, PCI Security Standards Council Chief Technology Officer. "Security must continue to evolve to defend against these threats. The newest PCI standard for payment devices recognizes this challenge by requiring protections against advancements in attack techniques."
The updated standard and supporting documentation — including "PCI PTS POI Modular Derived Test Requirements" and "PCI PTS POI Modular Vendor Questionnaire" — are available online. A list of approved devices that have been tested against the PCI PTS POI modular security requirements is available on the council's website, the release said.
Vendors can now begin using version 5.0 for payment device evaluations. Version 4.1 will be retired in September 2017.