Asia-Pacific Community Meeting speakers Sajal Islam, Audit Manager, UL, and David McGregor, Manager Melbourne PTS Lab, UL discuss PTS devices and P2PE solutions. Attend the next PCI SSC Community Meeting on 25 -27 in Las Vegas, Nevada to hear more insights from regional and global payment security experts.
Your presentation discusses the PCI PTS program- can you provide an overview of what this program is?
PCI PIN Transaction Security (PTS) is an approval program for specifically designed payment devices, such as payment terminals (PIN entry devices or PEDs, Unattended Payment Terminals or UPTs), components of payment terminals (Encrypting PIN Pads or EPPs, Secure Card Readers or SCRs) and Hardware Security Modules (HSMs) (including Key Loading Devices). Approval is granted to devices which have sufficient physical, logical and development security properties. It was initially targeted at protection of the PIN (hence the name PIN Transaction Security) but has now been extended to consider account data (secure reading and exchange of data or SRED).
What is the benefit of merchants using a listed PTS solution?
PCI PTS approved devices will ensure cardholder PIN is protected within the and during transmission outside the PTS approved payment device as per industry accepted cryptographic methods.
SRED module of the PCI PTS approved device, when enabled and active, encrypts primary account number (PAN) and track data as per industry accepted cryptographic methods as these are transmitted from the PTS approved payment device. Merchants using the SRED functionality of a PTS approved device, when that device is used as part of a PCI-approved P2PE solution, will find they have fewer applicable PCI DSS requirements.
What is a PCI P2PE solution?
P2PE stands for Point-to-Point Encryption. A PCI P2PE approved solution encrypts account data (e.g. PAN, track data) using strong cryptography between the PTS SRED approved payment device and the decryption environment (e.g. payment switch, acquirer).
How do merchants benefit from using a P2PE solution?
A PCI P2PE approved solution allows merchants to significantly reduce the number of applicable PCI DSS requirements (usually less than 30 out of 250+ requirements) for their card-present payment method.
What is one key takeaway you hope the audience at the Asia-Pacific Community Meeting comes away with?
How to select the right PCI PTS device or P2PE solution for your needs.
Want to hear more insights from regional and global payment security experts? Attend the next PCI SSC Community meeting on 25 -27 in Las Vegas, Nevada.
Register to attend here: NACM Registration