Risk Management | PIN Security

29 January 2015

PCI PIN Security Requirements Updated


AP, Canada, CEMEA, LAC, U.S. | Acquirers, Issuers, Processors, Merchants, Agents

To enhance validation methods and improve consistency with compliance assessments, the Payment Card
Industry Security Standards Council (PCI SSC), which manages security standards for the payment card industry,
has published version 2.0 of the PCI PIN Security Requirements. The new requirements were published and
became effective December 2014.
PCI PIN Security Requirements Updates
The PCI SSC updates provide a complete set of requirements for the secure management, processing and
transmission of PIN data during online and offline payment card transaction processing at ATMs and point-of-sale
(POS) terminals. This latest version is designed to:

Improve acquirer and agent understanding of PCI PIN Security Requirements

Provide detailed testing procedures to ease compliance testing and ensure consistent validation methods

Enhance requirements for deployed points-of-interaction (POI) devices

Improve organization of the Remote Key Distribution Using Asymmetric Techniques Operations and the
Certification and Registration Authority Operations requirements

Compliance Effective Dates


Until 30 June 2015, organizations may perform their 2015 PIN security assessments to validate PIN compliance
using version 1.0 or version 2.0 of the PCI PIN Security Requirements. Effective 1 July 2015, all PIN security
compliance assessments must be started according to version 2.0.
Visa reminds clients and acquiring third party agents that process or handle PIN data or perform cryptographic
key management activities that they must comply with the PCI PIN Security Requirements and adhere to all
applicable Visa Core Rules and Visa Product and Service Rules (ID#: 0027086), Plus System, Inc. Operating
Regulations and Interlink Network, Inc. By-Laws and Operating Regulations pertaining to PIN security.
Visa PIN Security Program Requirements [1]
As communicated in the 11 December 2014 edition of the Visa Business News, organizations identified as Visa PIN
Security Program Participants must perform their onsite security assessment by their respective validation
deadlines but no later than 31 December 2015.
All other organizations that process PIN data must comply with the PCI PIN Security requirements but are not
required to perform an onsite assessment using a Visa Approved PIN Security Assessor. Visa recommends these
organizations verify their compliance by performing a self-audit, either with forms available from the Visa PIN
website or by using an internal or external auditor to conduct an onsite review. Organizations must retain results
from the self-audit or company-initiated onsite review as evidence of compliance. Visa reserves the right to
request evidence of PIN compliance at any time.
Visit the Visa PIN Security website for more information on validation deadlines or contact your regional Visa PIN
Risk Representative.
[1] These PIN program compliance validation requirements are applicable to Visa Inc. regions only. As a separate company, Visa Europe maintains its own
rules. Specific compliance validation deadlines and non-compliance assessments do not apply to Visa Europe clients or their sponsored agents.

Documents & Publications


PCI Security Standards Council Updates PCI PIN Security Requirements, 18 December 2014
Reminder: PCI PIN Security Compliance Assessments to Be Completed by Validation Deadlines, Visa Business
News, 11 December 2014
Changes to PIN Security Program Announced, Visa Business News, 17 October 2013
Visa PIN Security Program Modifications Frequently Asked Questions
The following documents are available at the PCI Standards & Documents Library under the PTS tab:

PIN Security Requirements, version 2.0

PIN Security Requirements Modifications: Summary of Changes versions 1.0 to 2.0

Online Resources
Visit the Visa PIN Security web page

For information on PCI PIN Security Requirements, email the PCI SSC at pcipts@pcisecuritystandards.org
For more information on the Visa PIN Security Program, PIN participant status or validation deadlines, email
your regional Visa PIN Risk representative:

AP and CEMEA: pinsec@visa.com

Canada and U.S.: pinna@visa.com

LAC: pinlac@visa.com

Global: pin@visa.com

Control Solutions, Inc.


7625 National Turnpike
Unit 100
Louisville, KY 40214
1-800-426-4004
Fax: 1-502-368-7657
www.posdata.com

About POSDATA

Who We Are

POSDATA is a value added distributor of electronic payment technologies, with a focus on providing
solutions and expertise to resellers in the channel. We are experts in key encryption and payment
security and provide a complete portfolio of services to aid in the configuration, encryption, deployment,
installation, repair and management of payment technologies.

40+ Years of Experience


Our experts have been serving industry channel members since 1973. Identifying better technologies
and systems to process payments is our expertise, and over the years we have built a solid network of
hardware manufacturers to provide the most advanced payment point of sale solutions available.

Why Choose POSDATA?


Expert Technical Support
Our experts are always available to suggest products and solutions for your needs. We stay up to date
on PCI compliance and payment security strategies and keep you apprised of important information.

Outstanding Access to Top Manufacturers

POSDATA maintains strong strategic partnerships with the leading manufacturers in payment
technologies. We pride ourselves on knowing every detail about the latest products on the market and
passing this information along to the channel.

Systems Engineering

We provide the engineering expertise to assist channel partners with the integration of payment
terminals into existing system infrastructures.

Complete Deployment Services

We specialize in custom system setups including configuration, custom screens and software loading.
We provide product imaging, inspection, asset tagging, custom packaging and shipping services to
ensure your technologies arrive ready for operation right out of the box. Additionally, we can assist our
channel partners with installation and training.

Responsive Customer Service


Every phone call and email is responded to promptly, completely and accurately by our customer
service team.

Lifelong Product Support

Our Life Cycle Services provide lifelong support of payment technologies after initial installation,
including product repair, mobile device management, warranty management, product refreshes, and e-waste recycling. With our advance exchange program, we keep replacement supplies in stock and
immediately send them out to minimize system downtime.

Contact us for product / service recommendations & to place an order
sales@posdata.com | 1-800-426-4004

POSDATA is a registered trademark of Control Solutions, Inc.

Control Solutions, Inc. | 5775 Soundview Drive, Suite 101E, Gig Harbor, WA 98335 | T: 1-800-852-3282 | F: 1-253-858-2802 | www.posdata.com
