From 18 December 2017 to 17 January 2018, PCI SSC stakeholders have the opportunity to review and provide feedback on the next version of the PCI PTS POI Modular Security Requirements and Testing Procedures.
Payment terminal manufacturers use the PCI PIN Transaction Security Point-of-Interaction Security Requirements (PTS POI) to ensure ATMs, unattended kiosks, mobile dongles and point of sale (POS) devices accept and process payment cards securely.
The PCI SSC is updating the PCI PTS POI Modular Security Requirements and Testing Procedures for release later in 2018.
Updates will include but are not limited to:
- Changes made in recognition of the new Secure Card Reader PIN approval class;
- The addition of an annual attestation by PTS vendors to attest that all changes requiring laboratory evaluation have been submitted and to provide evidentiary matter that an auditable record of an ongoing vulnerability assessment process exists by providing a copy of the vendor’s sign-off form specified in Requirement G1;
- Other clarifications and errata.
As part of the standards development process, PCI Participating Organizations, Affiliate and Strategic Members, PCI Recognized Labs, PTS vendors and Qualified Security Assessors (QSA) are invited to review and provide feedback on the draft documents listed below:
- PCI POI Modular Security Requirements
- PCI POI Modular Derived Test Requirements
- PCI POI Modular Evaluation Vendor Questionnaire
- PTS Device Testing and Approval Program Guide
- PTS Attestation of Validation
The comment period runs from 18 December 2017 to 17 January 2018.