PCI SSC and the payment brands

The standard represents a baseline of technical and operational requirements designed to protect cardholder data and is maintained by PCI Security Standards Council (PCI SSC) – a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The standard is enforced by the payment brands, namely VISA, MasterCard, Amex, JCB and Discover.

Who is it for?

The PCI PIN Security Program Guide outlines the security and procedural requirements for acquirers and/or their agent(s) who handle or manage PIN data or are involved with key management that protect PINs associated with payment transactions.

The standard

This standard contains a complete set of requirements for the secure management,
processing, and transmission of personal identification number (PIN) data during online and
offline payment card transaction processing at ATMs and point-of-sale terminals. These PIN
Requirements are based on the industry standards. The requirements presented in this
standard are organized into seven related groups, referred to as “Control Objectives.” These
requirements are intended for use by all acquiring institutions and agents (e.g., transaction
processors, key-injection facilities and certification and registration authorities) responsible
for PIN transaction processing on the payment card industry participants’ denominated
accounts and should be used in conjunction with other applicable industry standards.

This Standard:
• Identifies minimum security requirements for PIN-based interchange transactions.
• Outlines the minimum acceptable requirements for securing PINs and encryption
• Assists all retail electronic payment system parts

Entities may be subject to requirements in multiple sections, depending on the activities

Why should my organisation be PCI DSS compliant?

The answer is quite simple, keep your systems secure, and customers can trust you with their sensitive payment card information. When you stay compliant, you are part of the solution – a united, global response to fighting payment card data compromise.