
PCI SSC issues updated PIN transaction security standard

June 7, 2013

The PCI Security Standards Council has released version 4.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) requirements. According to PCI SSC, the standards, along with hardware security module requirements, help device manufacturers ensure that their products are secure for accepting and processing payment cards.

PTS POI requirements are updated on a three-year cycle, based on feedback from the PCI community. The development process also allows for minor update releases as needed.  

The new version builds on these updates to underscore the applicability of the requirements to traditional POI deployments — including POS devices, unattended kiosks, mobile dongles — and many other types of devices. 

Key changes in version 4.0 include:

  • restructured open protocols module — helps ensure that POI devices do not have communication vulnerabilities that can be remotely exploited to gain access to sensitive data or resources within the device;
  • enhanced interface testing and logical security requirements — requiring more stringent documentation and assessment of all interfaces of the device helps to ensure that no interface can be abused or used as an attack vector;
  • added source code reviews — additional mandatory source code reviews enhance the robustness of the testing process; and
  • introduction of a vendor-provided security policy — gives guidance that will facilitate implementation of an approved POI device in a manner consistent with the POI requirements, including information on key management responsibilities, administrative responsibilities, device functionality, identification, and environmental requirements.

"With 3.1 we introduced changes that would help facilitate the use of point-to-point encryption technology and open platforms, such as mobile phones, to accept payments," said Troy Leach, chief technology officer at PCI Security Standards Council. "Version 4.0 continues to build on this by addressing all interfaces that potentially grant access to data or resources in POI devices, in addition to the critical communications channels, such as RFID, wireless, cellular (e.g., GPRS, CDMA) and Bluetooth."

Vendors have the option of testing against version 3.1 or version 4.0 for the time being. Beginning in May 2014, version 3.0 will no longer be available for new evaluations, but may still be used for delta evaluations.

The requirements are available on the PCI SSC website. For ease of reference, the update includes a summary of changes from version 3.1 to version 4.0.

The Council will also be hosting a webinar on the updated requirements on June 18 and June 20. Further information and a webinar registration page are available online.
