PCI SSC updates standard for payment devices to protect cardholder data

Ina Goel

June 19, 2020

The PCI Security Standards Council (PCI SSC) has streamlined the standard for payment devices to empower stronger protections for cardholder data. According to Help Net Security, the PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements 6.0 will boost security controls to defend against physical tampering and the insertion of malware that can compromise card data during payment transactions. The new PTS POI Version 6.0 is set up to protect PINs and the cardholder data stored on the card – on the magnetic stripe, or the chip of an EMV card – or used in conjunction with a mobile device. The changes include: Restructuring modules into Physical and Logical, Integration, Communications and Interfaces, and Life Cycle to reflect the diversity of devices supported under the standard and the application of requirements based upon their characteristics and functionalities. Limiting firmware approval timeframes to three years to help ensure ongoing protection against evolving vulnerabilities. Requiring devices accepting EMV enabled cards to support Elliptic Curve Cryptography (ECC) to help facilitate the EMV migration to a more robust cryptography level. It is enhancing support for the acceptance of magnetic stripe cards in mobile payments using solutions that follow the Software-Based PIN Entry on COTS (SPoC) Standard.

Abridged fromHELPNETSECURITY