PCI Security Council updates requirements for payment card devices

The council that administers the Payment Card Industry Data Security Standard (PCI DSS) today released new requirements that vendors of payment card devices will be expected to incorporate into their products in the future.
The new requirements are in the latest version of the council’s PIN Transaction (PTS) Security Requirements and are designed to bolster security on retail point-of-sale card readers and unattended kiosks and payment terminals, such as those found at airports and gas stations.
Version 3.0 of the PCI council’s PTS includes three new modules for device vendors and their customers to secure sensitive card data. One of the modules contains requirements pertaining to the secure reading and exchange of data on payment card devices. The requirements would enable the secure reading and encryption of sensitive cardholder data at the point where a credit or debit card is swiped.
A second module spells out the security standards that device vendors will be expected to follow while integrating all of the different components that make up an unattended point-of-sale device that accepts PIN-debit card transactions. The third module, called Open Protocols, contains a set of new requirements relating to wireless-enabled payment card devices.
The new version of PTS also consolidates what used to be three separate sets of requirements for point-of-sale devices, PIN entry devices, unattended payment terminals and for encrypting PIN pads. The consolidation is supposed to make it easier for device vendors to implement the requirements and eliminates some of the overlap from having three separate sets of requirements, said Bob Russo, general manager of the PCI Security Standards Council.
The council’s PTS standard provides payment device vendors with a set of guidelines for ensuring the security of cardholder data on payment devices. Version 2.0 of the standard will be retired in 2011, by which time vendors will be expected to start implementing the requirements contained in Version 3.0.
The council was set up by Visa, MasterCard, American Express and other credit card companies and is responsible for developing security standards for the payment card industry. Each credit card company, however, is responsible for setting implementation deadlines and enforcing compliance with the requirements.
The PTS standards apply only to payment card devices. The council has a similar but separate set of standards for merchants and payment processors and one for developers of payment applications. The council is set to announce new versions of both those standards later this year.
The updated PTS standards come amid growing concerns about the security of payment card devices.
“Point of sale terminals are currently the security hot spot these days” in the payment industry,” Russo said. There’s increasing concern about fraud and data theft resulting from the use of illegal card-skimmers attached to payment card devices and from the theft and modification of such devices, he said.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now