PCI PIN

This standard contains a complete set of requirements for the secure management,
processing, and transmission of personal identification number (PIN) data during online and
offline payment card transaction processing at ATMs and point-of-sale terminals. These PIN
Requirements are based on the industry standards. The requirements presented in this
standard are organized into seven related groups, referred to as “Control Objectives.” These
requirements are intended for use by all acquiring institutions and agents (e.g., transaction
processors, key-injection facilities and certification and registration authorities) responsible
for PIN transaction processing on the payment card industry participants’ denominated
accounts and should be used in conjunction with other applicable industry standards.

This Standard:
• Identifies minimum security requirements for PIN-based interchange transactions.
• Outlines the minimum acceptable requirements for securing PINs and encryption
keys.
• Assists all retail electronic payment system parts

Entities may be subject to requirements in multiple sections, depending on the activities
performed.