News

PCI SSC updates standard for POI device security

Version 4.1 of the PIN Transaction Security Point of Interaction Modular Security Requirements responds to market need and industry feedback, the PCI Security Standards Council says.

July 2, 2015

The PCI Security Standards Council has published a new version of its PIN Transaction Security Point of Interaction Modular Security Requirements for POI device manufacturers. The updated standards reflect both market need and industry feedback, according to a PCI SSC news release.

The standard ensures that merchants, financial institutions and others can accept and process payment cards securely via ATMs, unattended kiosks, point-of-sale devices, and mobile dongles.

"As we see increasing attacks on ATMs and at the POS, it’s critical to ensure the highest level of security at the device level," said PCI SSC Chief Technology Officer Troy Leach. "The latest version of the PCI requirements for point-of-interaction devices will help businesses provide the strongest protections to their customers."

PTS POI version 4.1 introduces enhancements to testing procedures intended increase the robustness of the security protections for POI devices.

Key changes include:

• the addition of a new core module section that addresses configuration and maintenance procedures relevant to the security of all POI device types; and
• the addition of testing requirements to reflect that PTS evaluation laboratories will begin validating vendor documentation of policies and procedures that pertain to device management from manufacture through initial key loading or deployment.

The updated POI device requirements, including a summary of changes from version 4.0 to version 4.1, are available from the PCI SSC website.