Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive
150x172_CUEffect.jpg
Contacts
LISA MCCUEVICE PRESIDENT OF COMMUNICATIONS
EDITOR-IN-CHIEF
MICHELLE WILLITSManaging Editor
RON JOOSSASSISTANT EDITOR
ALEX MCVEIGHSTAFF NEWSWRITER
TOM SAKASHSTAFF NEWSWRITER

News Now

Products

PCI council releases PIN security requirements

Products
WAKEFIELD, Mass. (12/23/14)--The Payment Card Industry (PCI) Security Standards Council has released v2.0 of PIN Security Requirements.
 
The program contains a complete set of requirements for the secure management, processing and transmission of personal identification number (PIN) data at ATMs and attended and unattended point-of-sale (POS) terminals.
 
PCI PIN Security Requirements v2.0 aims to enhance usability and understanding by stating the requirements in a more granular manner, the council said.
 
The update includes incorporation of testing procedures into the requirements, which resulted in two versions of the document--PCI PIN Security Requirements v2.0 and PCI PIN Security Requirements and Test Procedures v2.0. The council said that including testing procedures in a separate version will facilitate a smoother evaluation and deeper understanding of the requirements.
 
The council also has published a summary of significant changes document that provides a high-level look at the modifications to the requirements.
 
Examples of common vulnerabilities for PIN theft addressed by the requirements include:
  • PINs that are not protected by use of a secure PIN block;
  • Failure to use approved cryptographic devices for PIN processing;
  • Cryptographic keys that are not random and not unique to each point of interaction device, and keys that never change;
  • Few, if any, documented PIN-protection procedures; and
  • Audit trails or logs that are not maintained.
"Criminals are actively targeting the point of sale and it's up to us as a community to stop them in their tracks," said Stephen W. Orfei, general manager of PCI Security Standards Council. "The requirements enhance the protection of devices that accept PINs with the end goal of securing cardholder data at the POS."

PIN Security Requirements is included in the current PIN Security Transaction security requirements. Program requirements and a list of approved devices are available for download.

Other Resources

RSS





print
News Now LiveWire
CUNA: CUNA offices closed through Friday, News Now returns Monday http://t.co/a5xbLzQKDj
19 hours ago
Reminder: @CUNA's Madison, D.C. offices will be closed through Friday, open again on Monday. #NewsNow will publish Monday.
12 23 ago
MI dentist to match @CUDirect's $20K to @HurleyMedical as a result of #20for20 online voting http://t.co/hqmIc9LpK1 @CMNHospitals
12 23 ago
New #creditunion chartered in St. Louis - #LutheranFCU - by @TheNCUA http://t.co/faPfANGS0P. Only 3rd new FCU charter this year.
12 23 ago
Don't get hacked during the holidays-use these tips from @CUNA http://t.co/jEqxni6NhO #StoptheDataBreaches http://t.co/woIxPOIyys
12 23 ago