From 5 October to 3 November 2021, eligible PCI SSC stakeholders are invited to review and provide feedback on the PTS POI Modular Security Requirements v6.1 draft during a 30-day request for comments (RFC) period. The full list of stakeholders eligible to participate can be found on the PCI SSC RFC webpage.
The RFC will be available to primary contacts through the PCI SSC portal, including instructions on how to access the document and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.
Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.
Background on the PTS POI Modular Security Requirements v6.1
The PCI PTS POI Modular Security Requirements enhances security controls to defend against physical tampering and the insertion of malware that can compromise card data during payment transactions. The updates in the RFC are designed to address industry needs by:
- Updated criteria on PAN truncation/encryption to accommodate 8-digit BINs
- Added criteria for use of unauthenticated wireless communications
- Updated cryptographic check value language
- Added EdDSA as an approved cryptographic algorithm for digital signatures
Please review the RFC Process Guide and our resource guide: What to Know Before Participating in a PCI SSC RFC for more information on the PCI SSC RFC process.