PCI PIN Security

In August 2018, the PIN Security standard version 3.0 was released by the PCI Council, summarizing security requirements for PIN-based payment transactions, including PIN management, processing and transmission.

The scope of the standard pertains to all organizations acquiring or processing PIN-based transactions, performing remote key distribution, certificate issuance/registration or terminal key injection.

From 2019 the QPA (Qualified PIN Assessor) program introduced by the PCI Council is replacing the former PIN Security Assessor program by Visa, thus transferring responsibility for PIN Security asessments to QPA certified companies.

According to the mandate issued by Visa, all symmetric payment keys used between them and external organizations have to be migrated from 'variant' to 'key block' format encryption, according to the following schedule.

  • By June 2019: Implement key blocks for internal connections and key storage within service provider environments
  • By June 2021: Implement key blocks for external connections to associations and networks
  • By June 2023: Implement key blocks to extend to all merchant hosts, point-of-sale (POS) devices and ATMs
AperSky Consulting Llc. - currently as the only Hungarian company - can provide full range QPA services with two PCI QPA certified auditor, which includes the following areas:

PCI PIN Security Preparation

  • Preparation and scoping activities
  • Consultancy on infrastructure design
  • Audit preparation

PCI PIN Security Implementation

  • PIN Security consultancy and documentation support
  • PIN Security training for relevant parties

PCI PIN Security assessments

  • Official PCI QPA assessment
  • Completion of PCI PIN Security Report on Compliance (ROC) and Attestation of Compliance (AOC) documents
In case of interest about our QPA services, please contact us please contact us for a customer-tailored proposal!



Knowledge Base Highlights


Get informed on Qualys’ On-demand Security solutions!

More »
_________________________________
Learn more about PCI DSS compliance!

More »
Certifications
Strategic partners



© AperSky Consulting Llc.