The PCI Security Standards Council (PCI SSC) updated the standard that mandates security requirements for PIN entry devices to incorporate devices that do not offer PIN entry.
The PIN Transaction Security (PTS) Data Security Standard (DSS) was expanded to include guidance for determining whether non-PIN accepting devices meet the requirements of point-to-point encryption (P2PE) - the technology many security experts believe is the most secure way to protect personal information and other card transaction data.
The update to the PTS DSS, a companion to the overarching Payment Card Industry (PCI) DSS, provides guidelines for the testing of any card acceptance device to determine if it can be used with P2PE technology. The PCI SSC said that, until now, the PTS DSS applied to PIN acceptance devices only. But with the release of version 3.1 of the PTS DSS, any device used for the acceptance of electronic payments can now be tested for its compatibility with P2PE technology.
Additionally, the new version of PTS DSS addresses secure card readers (SCRs) - devices that encrypt card data at the point of swipe, such as mag-stripe reading "sleeves" and dongles that fit on smart phones to transform them into payment acceptance devices.
"Merchants looking to use magnetic stripe readers (MSRs) or MSR plug-ins now can ensure these devices have been tested and approved to encrypt data on the reader before it reaches the device," the PCI SSC said.
The council hopes the release of the update will promote the use of open payment platforms, exemplified by smart phone payment systems. PCI SSC General Manager Bob Russo said, "We know how eager the market is to implement P2PE. By releasing these updated requirements now, merchants using any type of card acceptance device will have the ability to encrypt data at the point of interaction and ensure its protection.
Additionally, we've opened the standard up to address mobile devices - another area of great interest to our stakeholders."
Version 3.0 of PTS DSS was released in April 2010. The October 2011 update, v3.1, can be accessed at www.pcisecuritystandards.org/documents/PCI_PTS_POI_SRs_v3_1.pdf and includes these new features:
The PCI SSC hosted two free webinars outlining PTS DSS v3.1, followed by live Q&As. The webinars were held Nov. 8 and Nov. 10, 2011.
For additional news stories, please visit www.greensheet.com and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
Prev Next
