In August 2018, the
PIN Security standard version 3.0 was released by the
PCI Council, summarizing security requirements for PIN-based payment transactions, including PIN management, processing and transmission.
The scope of the standard pertains to all
organizations acquiring or processing PIN-based transactions, performing
remote key distribution,
certificate issuance/registration or terminal key injection.
From 2019 the QPA (Qualified PIN Assessor) program introduced by the
PCI Council is replacing the former PIN Security Assessor program by Visa, thus transferring responsibility for PIN Security asessments to QPA certified companies.
According to the
mandate issued by Visa, all
symmetric payment keys used between them and external organizations have to be migrated from
'variant' to 'key block' format encryption, according to the following schedule.
- By June 2019: Implement key blocks for internal connections and key storage within service provider environments
- By June 2021: Implement key blocks for external connections to associations and networks
- By June 2023: Implement key blocks to extend to all merchant hosts, point-of-sale (POS) devices and ATMs
AperSky Consulting Llc. - currently as the only Hungarian company - can provide
full range QPA services with two PCI QPA certified auditor, which includes the following areas:
PCI PIN Security Preparation
- Preparation and scoping activities
- Consultancy on infrastructure design
- Audit preparation
PCI PIN Security Implementation
- PIN Security consultancy and documentation support
- PIN Security training for relevant parties
PCI PIN Security assessments
- Official PCI QPA assessment
- Completion of PCI PIN Security Report on Compliance (ROC) and Attestation of Compliance (AOC) documents
In case of interest about our QPA services, please contact us
please contact us for a customer-tailored proposal!