COMPLIANCE WITH PCI PIN

Security for your customers and your business


Have you ever wondered what security measures your company has in place to protect users' card PINs when they pay in a supermarket or a restaurant, or make withdrawals at an ATM?

How secure is your PIN? How is it transmitted? What security measures have been implemented? The PIN (personal identification number) is unique and extremely sensitive data; if it is compromised together with the details of the card associated with it, fraud can occur, generating a financial loss.

This is what the PCI PIN Security Requirements address. It is a PCI regulation that covers PIN security in online and offline payment transactions at automated teller machines (ATMs) and point-of-sale (POS) terminals, making it possible to manage, process, and securely transmit the personal identification number (PIN).

PCI PIN Security Requirements


Actors involved in PCI PIN compliance


Who must comply with PCI PIN?

Companies that must comply with the PCI PIN security requirements are those that manage or use devices that process and accept cardholder PINs:


If POS devices are part of your commercial solution and the entry point for customer transactions to accept credit card payments... you must comply with the PCI PIN security requirements. The purpose of a PIN assessment is to evaluate whether an organisation is securely delivering encrypted PINs in its transactions, such as at POS devices, where customers enter their PIN.

A PIN is the main credential used to identify and authenticate the client to complete a transaction... and at no time during the payment process may the PIN be exposed. The PCI PIN security requirements describe a set of standards for the secure management, processing and transmission of PIN (personal identification number) data for online and offline card transactions.

The requirements ensure that the credit card holder's 4-digit PIN remains encrypted on all payment systems, so that its confidentiality is protected at all times.


What risks does PCI PIN cover?

All those that derive from the management, processing and transmission of the payment card PIN during the processing of online and offline transactions through ATMs and points of sale.


How do we do it?


1. Compliance and definition of scope:

The first step in a PIN assessment is to determine the scope efficiently by identifying all locations where operations that support transaction processing are performed within the environment of the defined actors, and by identifying all of the encryption keys used for the acquisition and processing of the PIN.


2. GAP analysis

The first step to comply with the PCI PIN requirements is to analyse the company's processes that involve the PIN, the key injection and encryption key management processes, etc.

The GAP analysis assesses the organization's processes, the roles involved and its technologies, and compares them with the PCI PIN requirements in order to identify the gap, so that the evaluated organization can define action plans for its closure.

3. Implementation of the Action Plan

In the implementation of the action plan, the organization closes the findings in processes, technology, and the execution of activities by the staff involved.

IQ-Information Quality supports the closure process with the accompaniment of our experts, whose recommendations help ensure that what the organization implements complies with the requirements of the standard.

4. Certification audit for Compliance with PCI PIN

Information Quality, as a QPA, verifies during the audit process, through technical and procedural reviews, that the requirements set forth in PCI PIN are being met.

The AOC (Attestation of Compliance) and the ROC (Report on Compliance) for PCI PIN are delivered. If findings are identified, a deadline is defined for their closure; once closure is validated, the compliance documents are issued.

How is the PCI PIN standard organized?

The standard was created in September of 2011, and is divided into 7 control objectives and 32 security requirements that institutions, acquirers, and those responsible for processing PIN-based payment card transactions have to meet.


PCI DSS or PCI PIN?

PCI DSS applies to all entities that store, process or transmit PAN (Personal Account Number) card data. This standard applies to businesses and to service providers: issuers, processors, call centers, payment gateways, SOCs, data centers, among others.

PCI PIN covers all entities that acquire, process, or transmit PINs. It includes acquirers and service providers involved in key injection, or certificate authorities. PCI PIN does not apply to retail or to issuers.

Contact us

Start NOW with your PCI PIN compliance assessment and begin protecting your customers' data.