In August 2018
, the PIN Security standard version 3.0
was released by the PCI Council
, summarizing security requirements for PIN-based payment transactions, including PIN management, processing and transmission.
The scope of the standard pertains to all organizations acquiring or processing PIN-based transactions
, performing remote key distribution
, certificate issuance/registration or terminal key injection
From 2019 the QPA (Qualified PIN Assessor)
program introduced by the PCI Council
is replacing the former PIN Security Assessor program by Visa, thus transferring responsibility for PIN Security asessments to QPA certified companies.
According to the mandate issued by Visa
, all symmetric payment keys
used between them and external organizations have to be migrated from 'variant' to 'key block'
format encryption, according to the following schedule.
AperSky Consulting Llc.
- By June 2019: Implement key blocks for internal connections and key storage within service provider environments
- By June 2021: Implement key blocks for external connections to associations and networks
- By June 2023: Implement key blocks to extend to all merchant hosts, point-of-sale (POS) devices and ATMs
- currently as the only Hungarian company - can provide full range QPA services
with two PCI QPA certified auditor, which includes the following areas:
PCI PIN Security Preparation
- Preparation and scoping activities
- Consultancy on infrastructure design
- Audit preparation
PCI PIN Security Implementation
- PIN Security consultancy and documentation support
- PIN Security training for relevant parties
PCI PIN Security assessments
- Official PCI QPA assessment
- Completion of PCI PIN Security Report on Compliance (ROC) and Attestation of Compliance (AOC) documents
In case of interest about our QPA services, please contact us please contact us
for a customer-tailored proposal!