The Payment Card Industry Security Standards Council (PCI SSC) published version 3.0 of the PCI PIN security requirements in August 2018. This updated version was a collaborative effort between the PCI SSC and the American Standards Committee (ASC) X9. Together they integrated ASC TR-39 into the PCI PIN security requirements, producing PCI PIN 3.0. Here we examine the changes and what you need to know about the latest requirements in order to ensure your organization remains compliant.
Summary of PCI PIN Update 3.0
- The use of personal computers for key loading, where clear-text secret and/or private keys and/or their components exist in unprotected memory outside the secure boundary of a secure cryptographic device (SCD), is to be phased out.
- Allowance for the injection of clear-text secret or private keying material into an SCD will be phased out. Only encrypted key injections will be allowed.
- The requirement that encrypted symmetric keys must be managed in structures called key blocks has been broken into three separate phases with different implementation dates.
- Host support for Advanced Encryption Standard (AES) PIN encryption and decryption will be required at a future date.
- A new PCI PIN Assessor program includes the creation of a new Qualified PIN Assessor (QPA) designation and a listing of approved QPAs on the PCI SSC website.
GEM SECURITY SOLUTIONS can help you navigate these changes
The PCI PIN 3.0 update has brought with it a multitude of changes to the requirements, specifically the need for comprehensive documentation attesting that procedures exist, are documented, and are followed by an organization’s personnel. GEM SECURITY SOLUTIONS has the expertise to write customized documentation for all required processes and procedures to help processors, merchants and KIFs (Key Injection Facilities) become compliant. Now is the time to put your focus on your business’s core functions and allow GEM SECURITY SOLUTIONS, a leading authority on financial security, to take care of ensuring you are compliant with the detailed, changing regulations.
Contact us at: Info@gemsecuritysolutions.com