Encryption & Key Management , Governance & Risk Management , Next-Generation Technologies & Secure Development

A Look at PCI's New Requirements for POS Vendors

Troy Leach Describes Effort to Thwart Attempts to Defeat Encryption

The PCI Security Standards Council has made additions to its PIN transaction and point-of-interaction security requirements to help ensure that point-of-sale vendors can stay ahead of new attacks aimed at defeating encryption, says Troy Leach, chief technology officer for the council.

See Also: Is Cyberstorage the New Paradigm for Data Security?

At the council's recent North American Community Meeting held in Las Vegas, version 5.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) standard was released. POS manufacturers have until the end of 2017 to comply, Leach explains in this video interview with Information Security Media Group conducted at the event.

"After 2017, [POS vendors] will be required to validate their devices to version 5 of the standard," Leach says. "The standard is written for manufacturers of any type of PIN-entry device, or now account-data device that is accepting payments. So, this is a version update. We update it every three years. ... We are now in 2016 looking at: 'What is the future of payment technology? How do we evolve, knowing that these devices are going to be in the marketplace for 10 to 15 years?'"

In this interview, Leach also discusses:

  • How side-channel analysis, which reviews a device's ability to determine cryptography, can be used to detect early risks;
  • Why remote updates of firmware will become essential; and
  • How the council is partnering with EMVCo to collaborate on the next version of 3-D Secure, a standard for securing ecommerce payments.

In his role at the PCI Council, Leach partners with council representatives, PCI participating organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure. He is a congressional subject-matter expert on payment security and is the current chairman of the council's standards committee.

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.