PCI PTS

PCI PTS is a standard for the niche companies that manufacture or sell payment devices. The Council provides the PIN Transaction Security (PTS) requirements, which contain a single set of requirements for all personal identification number (PIN) terminals, including POS devices, encrypting PIN pads and unattended payment terminals.

In this training, candidates learn about the PTS and PCI PIN security requirements for the physical and logical security of point-of-sale devices or terminals, whether they are attended, i.e. manned by merchants, or unattended (UPT), e.g. automated parking payment machines.

As PIN pad devices, POS devices and UPTs have been identified as new attack vectors, PCI PTS requirements focus on protecting them. These requirements mandate that measures be taken to see that IT-based attacks on these devices are detectable and fully auditable, which includes requirements for clearing memory and upgrading systems on a regular basis. It is up to merchants to ensure that they use devices that meet PTS requirements (a list of PCI-compliant PTS devices can be found on the PCI SSC website).

It is also worth noting that PTS requirements now include more detailed guidance on the secure use of “open” protocols, if the PIN devices are Internet-, Wi-Fi- or GPRS-enabled. Additionally, integration modules ensure that the use of devices such as smart card readers, as well as existing components such as EPPs, does not affect the security of the end product.

Our extensive experience in payment software and hardware security training allows us to deliver the right, cost-effective expert guidance as early as the design stage, as well as training in the various complex industry standards.

The training covers requirements for Point of Interaction (POI) devices. It comprises the software requirements for:

  • POS PIN Entry Devices (PED)
  • Encrypting PIN Pads (EPP)
  • Unattended Payment Terminals (UPT)
  • IC Card Readers (ICCR) and
  • Magnetic Stripe Readers (MSR)
  • Hardware Security Modules (HSM)
  • cryptographic operations on PINs and transaction data

[The possibility to approve OEM components enables cost savings, since such a component can be evaluated just once and built into various devices.]

If your payment scheme components also have to comply with the requirements of the Indian card operator RuPay / Department of Payment and Settlement Systems, Reserve Bank of India, the German Banking Industry Committee (GBIC) or Open Standards for Security and Certification (OSeC) / Joint Interpretation Library Terminal Evaluation Methodology Subgroup (JTEMS), you may take advantage of the insights offered by this training.