PCI SSC publishes terminal software security best practices

The new guidance will help organizations to understand and counteract potential threats to the integrity of point-of-interaction devices.

December 18, 2014

The PCI Security Standards Council, an open global forum for the development of payment card security standards, has published "Terminal Software Security Best Practices." The document gives detailed guidance for the development of software designed to run on point-of-interaction devices, according to a news release.

The existing PCI PIN Transaction Security (PTS) program covers the software that a device needs in order to meet the PCI PTS POI Security Requirements. The new best practices cover the other software that runs on a POI device, including both payment and non-payment applications, and reinforce the importance of a layered approach to security rather than relying on the certified firmware alone.

The new guidance is aimed at organizations that write or deploy applications on a POI device, including third-party application vendors. It is intended to help them understand the threats to device integrity that such software introduces and to put processes in place that counter those threats. Organizations can use the guidance to check that standard secure coding practices are followed, including:

Security awareness training that supports secure software development. Those involved in the development process play an important role in ensuring that secure coding practices are implemented and that they address current threats. These individuals need to be educated in the secure software development program.

Secure software development lifecycle. Organizations need a software security roadmap before development begins: the software's components and their interactions should be documented, and rules and processes defined so that security is built in during development rather than bolted on afterwards.

Device-level testing. It is imperative to understand how the application will work in conjunction with hardware, firmware, and other applications. While simulators and unit testing are essential, testing the device with the complete solution should be a priority.

Internal process reviews. Organizations need to stay current on the latest threats to ensure that security procedures are sufficient and are being followed.

"While consumers and merchants alike benefit from additional features, complexity and increasing dependency on third-party applications can create new opportunities for exploit, which is why due diligence is so vital in the development of software that terminals rely upon," said PCI SSC Chief Technology Officer Troy Leach. "This paper highlights important best practices for software coding in this unique environment."

Download the free PDF, "Terminal Software Security Best Practices."
