PCI SSC updates standard for payment devices to protect cardholder data

Thursday 18 June 2020 11:46 CET | News

The PCI Security Standards Council (PCI SSC) has streamlined the standard for payment devices to empower stronger protections for cardholder data.

According to Help Net Security, the PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements 6.0 will boost security controls to defend against physical tampering, and the insertion of malware that can compromise card data during payment transactions.

Moreover, PTS POI Version 6.0 is set up to protect PINs and the cardholder data stored on the card – on the magnetic stripe, or the chip of an EMV card – or used in conjunction with a mobile device. Therefore, PTS POI Version 6.0 reorganises the requirements, while introducing changes such as:
  • Restructuring modules into Physical and Logical, Integration, Communications and Interfaces, and Life Cycle to reflect the diversity of devices supported under the standard and the application of requirements based upon their individual characteristics and functionalities.

  • Limiting firmware approval time frames to three years to help ensure ongoing protection against evolving vulnerabilities.

  • Requiring devices that accept EMV enabled cards to support Elliptic Curve Cryptography (ECC) to help facilitate the EMV migration to a more robust level of cryptography.

  • Enhancing support for the acceptance of magnetic stripe cards in mobile payments using solutions that follow the Software-Based PIN Entry on COTS (SPoC) Standard.

More: Link

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: PCI Security Standards Council, PCI PTS, malware, cards, card data, cardholder, EMV card, Elliptic Curve Cryptography, ECC, magnetic stripe cards, mobile payments, Software-Based PIN Entry on COTS Standard, SPoC
Categories: Payments & Commerce
Countries: World
This article is part of category

Payments & Commerce