COMPLIANCE WITH PCI PIN
Security for your customers and your business
Have you ever wondered what security measures your company has in place to protect a cardholder's PIN when they pay in a supermarket or a restaurant, or withdraw cash at an ATM?
Is your PIN safe? How is it transmitted? What security measures have been implemented? The PIN (Personal Identification Number) is a unique and extremely sensitive piece of data: if it is compromised together with the details of the associated card, it can be used for fraudulent activity that results in financial loss.
This is the purpose of the PCI PIN Security Requirements. It is a PCI standard that covers the security of the PIN in online and offline payment transactions at automated teller machines (ATMs) and point-of-sale (POS) terminals, setting out how the personal identification number (PIN) must be managed, processed and transmitted securely.
The PCI PIN Security Requirements aim to:
- Identify the minimum security requirements for PIN-based interchange transactions
- Define the minimum acceptable requirements for protecting PIN data and the encryption keys that secure it
- Assist all payment system participants in establishing measures that ensure the PIN is not compromised
Actors involved in PCI PIN compliance
Who must comply with the PCI PIN?
The companies that must comply with the PCI PIN security requirements are those that manage or operate devices that accept and process cardholder PINs:
- The PCI PIN standard is mandatory for all acquiring institutions and the entities responsible for processing PIN-based transactions for the payment card brands of the PCI SSC (Visa, MasterCard, American Express, Discover and JCB).
- These companies may be related to institutions that have deployed ATMs, point-of-sale (POS) terminals or payment kiosks.
- Organizations that provide key management services, in particular cryptographic support or key injection facilities, must pay close attention to their PCI PIN compliance status.
- Service providers that use asymmetric cryptography through certification authorities and remote key distribution.
If POS terminals are part of the commercial solution and are the entry point for customer transactions that accept card payments, they must comply with the PCI PIN security requirements. The purpose of a PIN assessment is to evaluate whether an organization delivers the PIN securely encrypted throughout its transactions, starting at the POS devices where customers enter their PIN.
A PIN is the main credential used to identify and authenticate the customer in order to complete a transaction, and at no point during the payment process may the PIN be exposed. The PCI PIN Security Requirements describe a set of standards for the secure management, processing and transmission of PIN (Personal Identification Number) data in online and offline card transactions.
The requirements ensure that the cardholder's PIN (commonly 4 digits) remains encrypted across all payment systems, so that its confidentiality is protected at all times.
What risks does PCI PIN cover?
All those arising from the management, processing and transmission of the payment card PIN during online and offline transaction processing through ATMs and points of sale.
How do we do it?
1. Scope definition:
The first step in a PIN assessment is to determine the scope accurately: identify every location where operations supporting transaction processing are performed within the environment of the actors defined above, and identify all of the encryption keys used in the acquisition and processing of the PIN.
2. Gap analysis
The next step toward compliance with the PCI PIN requirements is an analysis of the company's processes that involve the PIN, including key injection and encryption key management processes.
The gap analysis assesses the organization's processes, the roles involved and its technologies, and compares them with the PCI PIN requirements in order to identify the gap, so that the assessed organization can define action plans to close it.
3. Implementation of the action plan
During implementation of the action plan, the organization closes the findings in its processes, its technology and the execution of activities by the staff involved.
IQ-Information Quality supports the closure process by having our experts accompany the organization with recommendations, ensuring that what the organization implements complies with the requirements of the standard.
4. Certification audit for PCI PIN compliance
Information Quality, as a QPA (Qualified PIN Assessor), verifies during the audit, through technical and procedural reviews, that the requirements set out in PCI PIN are being met.
The AOC (Attestation of Compliance) and the ROC (Report on Compliance) for PCI PIN are delivered. If findings are identified, a deadline is set for their closure; once they are closed and validated, the compliance documents are issued.
How is the PCI PIN standard organized?
The standard was created in September 2011 and is divided into 7 control objectives and 32 security requirements that acquiring institutions and the entities responsible for processing PIN-based transactions must meet.
PCI DSS or PCI PIN?
PCI DSS applies to all entities that store, process or transmit cardholder data, including the PAN (Primary Account Number). It applies to merchants and service providers such as issuers, processors, call centers, payment gateways, SOCs and data centers, among others.
PCI PIN applies to all entities that acquire, process or transmit PINs. This includes acquirers and the service providers involved in key injection or operating certification authorities. PCI PIN does not apply to merchants or to issuers.