Expert Payments Security and Encryption Consulting

PCI PIN 3.0: How to ensure your organization is PCI Compliant

Without mincing words, whatever that could end or even slow down the widespread fraud on credit card data would be a valuable asset to the PCI security standard council (PCI SSC); which is their primary goal as a council.

The fraudulent activities are so rampant that a recent publication from Gemini Advisory, reported that about 60 million US card payment transaction had been tampered with in the last 12 months, and 75 percent are Card present record that was stolen at POS devices, and only 25 percent were compromised in online breaches.  The reports went further to suggest that an overwhelming 75.9 million stolen cards were up for sale on the Dark-Web in 2018 alone.

Whatever the case, these unchecked activities are far-reaching, and has pushed the PCI Security standard council to come up with a new PIN security standard version 3.0 for the payment card industry.

The new PIN security standard was released last year to enable merchants, and other relevant stakeholders in the industry to secure management, processing, and transmission of PIN data at attended or unattended POS terminal or ATMs.

The Origin of the New PCI pin 3.0 updates

The PCI security standard council, a global, cross-industry organization that specializes in providing increased payment security using industry driven, and effective standard procedures to help business detect and prevent cyber-attacks and breaches. Formed a collaborationto create one unified PIN security standard for payments stockholders with another tech giant, The Accredited Standards Committee X9 Inc, a non-profit organization that develop both local and foreign standards for the financial services industry.

PCI SSC Chief technology officer, Troy Leach, said that “the industry has long been using PIN as an additional form of security, and that the Version, 3.0 PCI PIN security standard, will continue to make sure the integrity of using PIN is maintaining by reducing future risks to key generations and operations by Key injection facilities ”. This is a bold step in the right direction and will go a long way for the industry

The changes made to the new PCI PIN standards are summarized here;

  • Impending deprecation of clear-text key injection for Key Injection Facilities (KIFs)
  • A fixed-key deprecation (goes into effect 2023)
  • Deprecation of clear-text key injection for acquiring connections and only encrypted keys shall be allowed into a Secret cryptographic DeviceSCD
  • The test procedures have been improved to ensure more efficient testing of existing requirements
  • Fixed key TDES PIN encryption will be disallowed at future dates.

Becoming PCI Compliance with the new standards

Let’s start with what PIC Compliance is; it’s a set of measures aimed to create secure data sharing environments for brands that accept credit card payments. Marchant and third-party providers are required by law to be assigned four and two levels of compliance, respectively.

What’s more, While the compliance requirement can be completed independently by providers, it is still advisable and a good line of action to consider hiring a PCI expert because, from experience, we find the process to be effortlessly more straightforward when leveraging the advice and services of an experienced PCI expert.

Gem Security Solutionsis a reputable PIC compliance service provider that can help your business meet the new PIC PIN requirements. Their Job is to let you focus on the core business functions while we handle the information security pre-assessment and remediation. We have over 15 years as a committee member of ASC X9-F6. And have assisted in developing and maintaining standards used in retail financial services. Click hereto know more





Leave a Reply