PCI PIN is a “hot topic” at the moment and Foregenix is seeing a heap of enquiries coming through from countries throughout the CEMEA region, reason being is twofold: firstly organizations need to achieve compliance by 31st December 2015 and secondly the frequency of the on-site PIN reviews has recently changed from a 3 or 5 year cycle (depending on region) to a standard 2 year cycle.
Here’s a brief overview of the PIN Security Program.
The PCI SSC provides a complete set of requirements for the secure management, processing and transmission of PIN data during online and offline payment card transaction processing at ATMs and point-of-sale (POS) terminals through the PCI PIN Program.
PIN Participants required to validate PIN compliance to VISA include the following:
- PIN-Acquiring Third Part VisaNet Processors
- PIN- Acquiring Client VisaNet Processor Acting as a Service Provider
- PIN-Acquiring Third Party Servicers
- Encryption and Support Organizations
Visa have made some changes to their PIN Security validation requirements and recently published PCI PIN Security Standards v2.0, you can find it here under the PTS tab.
Until 30 June 2015, organizations may perform their 2015 PIN security assessments to validate PIN compliance using version 1.0 or version 2.0 of the PCI PIN Security Requirements. Effective 1 July 2015, all PIN security compliance assessments must be started according to version 2.0.
In a nutshell, the typical PIN engagement goes like this;
- The assigned Foregenix security assessor will perform the onsite assessment
- They will then provide the client with a report
- The security assessor will assist the client with remediation
- Upon successful remediation Foregenix will issue the client with a Visa Attestation of Compliance (VAOC).
Foregenix currently have a team of very experienced Security Assessors who travel the world assisting our clients to achieve and maintain compliance with the PIN Security Standard.
My advice to all those organizations who are PCI PIN Program participants, engage now and give yourself ample time to become compliant - the deadline is closing in!
Find out more about our PCI PIN Compliance service here.