On the blog we discuss a joint collaboration between PCI SSC and ASC X9 to create a unified PIN standard with Troy Leach, Senior Vice President, of the PCI SSC and Steve Stevens, Executive Director of ASC X9. In response to industry feedback, the Accredited Standards Committee X9 Inc. (ASC X9) and the PCI Security Standards Council (PCI SSC) have recently completed a joint initiative to create one unified PIN Security Standard for payments stakeholders.
What is the unified PIN standard and why was it necessary?
Steve Stevens: In 2018, ASC X9 Financial Industry Standards (“X9”) entered into a long-term partnership with the PCI Security Standards Council (“PCI”) to combine the X9 TR 39 technical report with the PCI PIN Security – Requirements and Testing Procedures standard, the latter to be the surviving document, as having two PIN standards with different content was potentially confusing to the industry. Over the next months, members of X9 and PCI worked together to combine the two documents. The resulting document is version 3.0 of the PIN Security – Requirements and Testing Procedures standard, which was approved in August 2018. X9 will continue to partner with PCI on future versions of the standard. On November 18, 2019, X9 approved the withdrawal of X9 TR 39 from publication. Since all work for several years had been directed to the PCI standard, X9 TR 39 was out of date. The PCI standard can be downloaded here: PIN Security – Requirements and Testing Procedures standard.
What is the importance of having this unified standard?
Troy Leach: This is a significant win for the payments industry in that we now have greater clarity and consensus around a single PIN standard. We were thrilled to work collaboratively with ASC X9 on this important challenge. Our two organizations have always enjoyed a strong working relationship, and this is yet another example of us coming together to advance better payment security. The outcome of this effort is a simplified PIN standard and assessor program for payment card industry stakeholders.
Steve Stevens: In 2018 our two organizations came together and made this a joint priority. We agreed to work collaboratively through the PCI PIN Assessment Working Group to unify X9 TR 39 with the PCI PIN Security Standard. We can be very proud of the results from this talented group of subject matter experts. The new PCI PIN Standard simplifies network security audits, reducing the cost to the financial services industry. We look forward to continuing this effort into the future to ensure that the standard continues to meet the needs of the financial industry user base.