What is PCI PIN?
PCI PIN is a set of requirements defined by the PCI Security Standards Council for the secure handling of personal identification number (PIN) data during payment processing at ATMs or point-of-sale (POS) terminals. The PCI PIN and PCI PTS requirements emphasize maintaining the physical and logical security of POS devices, PIN pad services, and UPTs. The intention of this standard is to reduce credit card fraud involving point-of-sale devices. The PCI PIN standard also covers security around the integrated PIN entry device, ensuring that the integration of previously approved components does not impair overall security at the POS. The standard stresses the secure reading and exchange of cardholder data as well as device management (from the manufacturing stage through initial key loading).
You are required to adhere to the PCI PIN and PTS standards if your organization falls into one of the following categories:
- PIN Acquiring Third-Party VisaNet Processor (VNP) – A third party VNP entity that is directly connected to VisaNet and provides acquiring PIN processing services to members.
- PIN Acquiring Client VNP acting as a Service Provider – A Visa member or member-owned entity that is directly connected to VisaNet and provides PIN acquiring processing services to members.
- PIN Acquiring Third-Party Servicers (TPS) – A third-party agent that stores, processes, or transmits Visa account numbers and PINs on behalf of Visa members.
- Encryption and Support Organizations (ESO) – A non-member organization that deploys ATM, POS, or kiosk PIN acceptance devices which process and accept cardholder PINs and/or manage encryption keys (i.e., key injection facilities (KIFs)).
PCI PIN – Consulting
Our security professionals at Crossbow Labs help you implement an environment that meets PIN Security requirements and make you ready for a compliance audit. We aim to improve the security of your payment terminal by performing both software and hardware penetration testing. This helps us find gaps and recommend solutions to address them.
We divide our PCI PIN consulting and guidance effort into three easy steps:
- Initial Product Design Review of the payment terminal to identify any security gaps (hardware or software-related) concerning PCI PTS compliance.
- Remediation Support to fix the gaps found in the design of the device.
- Final Mock Testing to assess the robustness of the payment terminal before the official evaluation.