PCI Issues New POS Standard
PIN Transaction Security Update is Effective ImmediatelyVersion 3.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) standard is designed to streamline and simplify testing and implementation by providing a single set of modular evaluation requirements for all Personal Identification Number (PIN) acceptance Point of Interaction terminals. This standard is meant to enhance and prevent payment card fraud on devices that accept payment transactions and will cover everything from retail point of sale card readers to unattended payment terminals at gas stations and parking lots.
The new standard's rollout comes after a several years of noted credit card breaches such as those at retailer TJX and payment processor Heartland Payment Systems. The most recent card-related breach was Hancock Fabrics, where point of sale devices were swapped out with bogus equipment that had skimming devices in them to collect card data.
The PCI Council says the new standard is effective immediately. Version 3.0 also includes three new modules for device vendors and their customers to secure sensitive card data.
Up to now there were three separate sets of requirements for Point of Sale PIN Entry Devices (PED), Encrypting PIN Pads (EPP), and Unattended Payment Terminals (UPT). This version of the standard simplifies the testing process and eliminates overlap of documentation by providing one modular security evaluation program for all terminals and a single reference listing of approved products.
Bob Russo, general manager of the PCI Security Standards Council says to help everyone better understand the new standards and how they should be applied, the council will host two webinars next week. Registration information is available at the PCI website.
"By combining all of the requirements into one program, we have simplified one-stop shopping when it comes to secure devices," says Russo in a statement. This new approach and additional modules make it easier for manufacturers and merchants to make sure that at any point in a transaction, account data is being protected, he adds.
The updated standard and detailed listing of approved devices are available on the PCI Council's website .