PCI PIN Security
About PCI PIN Security
Compliance Control has been conducting PIN Security audits since 2014.
- We have become one of the first to be authorized by VISA in order to conduct VISA PIN Security audits.
PCI PIN Security is a payment card industry standard, defining hardware, facility and PIN data security requirements within the authorization process.
There are three main standard requirements groups:
- Transaction Processing Operations
- Symmetric Key Distribution using Asymmetric Techniques
- Key Injection Facility
VISA MPS, as VISA PIN Security Program holder, is the current standard author and regulator today.
The program determines the organizations types, having to meet and confirm compliance with the PCI PIN Security Requirements, namely:
PIN Acquiring Third-Party VisaNet Processor (VNP) is VISA provider or client, having got a direct connection to VisaNet and providing acquiring services to VISA clients.
PIN Acquiring Third-Party Servicers (TPS) provides the processing services for VISA cards on VISA customers’ behalf.
Encryption and Support Organizations (ESO) provide:
• Encryption keys management services (including local and remote key download).
• Certification centers to download the keys.
- Audit is required for all other organizations, connecting to VisaNet for the first time. Qualified PIN Assessor (QPA) such as Compliance Control is involved in PCI PIN Security audit, which takes place at least once per two years.
Preliminary data collection and analysis.
Audit and Report on Compliance.
Support in eliminating inconsistencies.
We prepare Attestation of Compliance with PCI PIN Security on the audit results basis and notify VISA.Home / PA-DSS about it.