Today, PCI SSC has published PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements v6.0. Updates are designed to meet the accelerating changes of payment device technology, while providing protections against criminals who continue to develop new ways to steal payment card data.
Established to protect PINs (Personal Identification Numbers) and the cardholder data stored on the card (on magnetic stripe or the chip of an EMV card) or used in conjunction with a mobile device, PTS POI Version 6.0 reorganizes the requirements and introduces changes that include:
- Restructuring modules into Physical and Logical, Integration, Communications and Interfaces, and Life Cycle to reflect the diversity of devices supported under the standard and the application of requirements based upon their individual characteristics and functionalities.
- Limiting firmware approval timeframes to three years to help ensure ongoing protection against evolving vulnerabilities.
- Requiring devices that accept EMV-enabled cards to support Elliptic Curve Cryptography (ECC) to help facilitate the EMV migration to a more robust level of cryptography.
- Enhancing support for the acceptance of magnetic stripe cards in mobile payments using solutions that follow the Software-Based PIN Entry on COTS (SPoC) Standard.
The following documents related to the PTS POI v6.0 Standard can be found in the PCI SSC document library:
- PCI PTS POI Summary of Changes from v5.1 to v6.0
- PCI PTS POI Modular Derived Test Requirements
- PCI PTS Device Testing and Approval Program Guide
- PCI PTS POI Technical FAQs