CONTINUE TO SITE »
or wait 15 seconds

News

PCI SSC updates PIN security standard

August 6, 2018

The PCI Security Standards Council has published PCI PIN Security Requirements and Testing Procedures version 3.0, the PCI standard for the secure management, processing and transmission of PIN data at ATMs and attended and unattended point-of-sale terminals.

According to a press release, implementation of the standard over time means that:

  • The use of personal computers for key loading, where clear text secret and/or private keys and/or their components exist in unprotected memory outside the secure boundary of a secure cryptographic device, will be phased out.
  • The allowance for the injection of clear text secret or private keying material into an SCD will be phased out. Only encrypted key injection will be allowed.
  • Fixed-key TDES PIN encryption will be disallowed at a future date.
  • Host support for AES PIN encryption will be required in the future.
  • Test procedures have been enhanced to ensure more robust testing of existing requirements.
  • The requirement that encrypted symmetric keys must be managed in structures called key blocks has been revised and broken into three separate phases with different implementation dates, as outlined in the March 2017 PCI SSC bulletin on revisions to the implementation date for PCI PIN Security Requirement 18-3.

"For decades, the use of verification methods such as PIN have provided additional authentication to protect payments from fraudulent use," PCI SSC Chief Technology Officer Troy Leach said in the release. "Version 3.0 of the PCI PIN Security Standard will ensure the continued integrity of PIN by minimizing future risk to key generation and operations. ASC X9's contributions have been critical to this effort, and we look forward to our continued collaboration."

PCI SSC is also developing a program — to be available in 2019 — to train and qualify security assessors to support implementation of the PCI PIN Security Standard, according to a press release.

View a more detailedsummary of changesto the standard.

Related Media

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf
Recent Posts
Eurasian Bank selects Diebold Nixdorf's self-service software
First National Bank to open 30 branches
Romanian man arrested for alleged cash trapping ATM scheme
Replacing the ATM: Pros and cons of new vs. remanufactured
Chase partners with The Points Guy for Make-A-Wish sweepstakes


©2025 Networld Media Group, LLC. All rights reserved.
b'S1-NEW'