PCI Issues New POS Standard

PIN Transaction Security Update is Effective Immediately
PCI Issues New POS Standard
A new measure to strengthen credit card data protection was released by the PCI Security Standards Council today.

Version 3.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) standard is designed to streamline and simplify testing and implementation by providing a single set of modular evaluation requirements for all Personal Identification Number (PIN) acceptance Point of Interaction terminals. This standard is meant to enhance and prevent payment card fraud on devices that accept payment transactions and will cover everything from retail point of sale card readers to unattended payment terminals at gas stations and parking lots.

The new standard's rollout comes after a several years of noted credit card breaches such as those at retailer TJX and payment processor Heartland Payment Systems. The most recent card-related breach was Hancock Fabrics, where point of sale devices were swapped out with bogus equipment that had skimming devices in them to collect card data.

The PCI Council says the new standard is effective immediately. Version 3.0 also includes three new modules for device vendors and their customers to secure sensitive card data.

Up to now there were three separate sets of requirements for Point of Sale PIN Entry Devices (PED), Encrypting PIN Pads (EPP), and Unattended Payment Terminals (UPT). This version of the standard simplifies the testing process and eliminates overlap of documentation by providing one modular security evaluation program for all terminals and a single reference listing of approved products.

Bob Russo, general manager of the PCI Security Standards Council says to help everyone better understand the new standards and how they should be applied, the council will host two webinars next week. Registration information is available at the PCI website.

"By combining all of the requirements into one program, we have simplified one-stop shopping when it comes to secure devices," says Russo in a statement. This new approach and additional modules make it easier for manufacturers and merchants to make sure that at any point in a transaction, account data is being protected, he adds.

The updated standard and detailed listing of approved devices are available on the PCI Council's website .

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.