Crossbow Labs

PCI PIN Security Guidance

The PCI PIN Security Requirements, a VISA supplemental requirements document, lay down a set of requirements for the secure handling of Personal Identification Number (PIN) data during online and offline payment card transaction processing at ATMs and point-of-sale terminals. The PIN is a four-digit number used to identify the cardholder at the point of transaction. The requirements are intended to protect the confidentiality of cardholder PINs throughout the transaction cycle, so they address minimum requirements for PIN-based interchange transactions and outline the requirements for securing PINs and encryption keys. The PCI PIN Security Requirements are categorized into 7 major control objectives with a total of 33 requirements.

PCI PIN Security Consulting

The PCI PIN Security program applies to both validating and non-validating PIN participants.

Our security professionals at CBL help both validating and non-validating PIN participants implement an environment that meets the PIN security requirements and get ready for the compliance audit.

We divide our PCI PIN consulting guidance into three easy efforts:

  1. Initial review of your business process to formalise the scope and conduct an as-is gap analysis against the PCI PIN security requirements to identify any security gaps.
  2. Remediation support to fix the gaps found in the design phase.
  3. Final mock testing to assess the robustness of the payment processing before the official evaluation, and support in the final audit.

Why Crossbow

We help our customers with a simplified audit procedure and streamline the process with our innovative compliance management solution, BOLT.

Our well-trained security professionals provide you with safe solutions based on the current threat landscape, ensuring that the process, technique or policy that you have is compliant with specific requirements and is safe.

Our team not only helps you make your environment audit-ready, we also support you in facing the final audit with the external auditors.

We also offer continual support to ensure that you stay PCI PIN compliant.

PCI PIN SECURITY GUIDANCE FAQs

  • PIN Acquiring Third-Party VisaNet Processor (VNP) – A third-party VNP entity that is directly connected to VisaNet and provides acquiring PIN processing services to Visa clients that have no ownership of the VNP.
  • PIN Acquiring Client VNP acting as a Service Provider – A Visa client or client-owned entity that is directly connected to VisaNet and provides PIN acquiring processing services to other non-owned Visa clients. Processing services for their own sponsored clients only using the PIN Acquiring Client VNP BINs are considered in-house and therefore are Non-Validating PIN Participants.
  • PIN Acquiring Third-Party Servicers (TPS) – A third-party agent that stores, processes, or transmits Visa account numbers and PINs on behalf of Visa clients.
  • Encryption and Support Organizations (ESO) – Non-member organizations that deploy ATM, POS or kiosk PIN acceptance devices which process and accept cardholder PINs and/or manage encryption keys (i.e., key injection facilities (KIFs)).

Visa clients, merchants and other organizations that acquire PIN transactions and/or perform key management services for only their own acquiring business are considered non-validating participants.

The Payment Card Industry Security Standards Council (PCI SSC) has published version 3.1 of the PCI PIN Security Requirements. VISA has announced that beginning 1 October 2021, all new assessments must be performed against PCI PIN v3.1.

No. PCI Software-based PIN Entry on COTS (SPoC) Solution providers are not considered Validating PIN Participants and are not subject to the Visa PIN Security Program. The PCI SSC manages the evaluation, testing and approval of software-based PIN entry solutions and lists approved solutions on its Approved Solutions website.

Talk With an Expert

Learn more about how Crossbow Labs can help protect your business. Contact us today.