PCI SSC Updates PIN Transaction Security Standard

Version 4.0 enhances security for accepting and processing payment cards.

June 11, 2013

LOUISVILLE, KY – The PCI Security Standards Council (PCI SSC) has published version 4.0 of the PIN Transaction Security Point of Interaction (PTS POI) requirements, ATM Marketplace reports.

The standards, when used with hardware security module requirements, enhance security for accepting and processing payment cards. 

Key changes in version 4.0 include:

  • Restructured open protocols module — helps ensure that POI devices do not have communication vulnerabilities;
  • Enhanced interface testing and logical security requirements — ensures that no interface can be abused or used as an attack vector;
  • Added source code reviews — enhances the robustness of the testing process; and
  • Introduction of a vendor-provided security policy — facilitates implementation of an approved POI device in a manner consistent with the POI requirements.

"With 3.1 we introduced changes that would help facilitate the use of point-to-point encryption technology and open platforms, such as mobile phones, to accept payments," said Troy Leach, chief technology officer at PCI Security Standards Council. "Version 4.0 continues to build on this by addressing all interfaces that potentially grant access to data or resources in POI devices, in addition to the critical communications channels, such as RFID, wireless, cellular (e.g., GPRS, CDMA) and Bluetooth."

For now, vendors have the option of testing against version 3.1 or version 4.0. Beginning in May 2014, version 3.0 will no longer be available for new evaluations.
