The PCI Security Standards Council has released a new version of the PIN Transaction Security (PTS) Point of Interaction (POI) requirements to enhance the security of payment cards.
According to the council, POI devices (such as PIN entry machines) are particularly targeted as they are the primary method by which credit payment cards are accepted and processed.
The newly released Version 4.0 of the PTS POI requirements will help to increase the "robustness" of the devices and improve security for consumers by using stronger testing procedures and improving the evaluation and reporting process.
"The PTS POI requirements are critical to securing POI devices," said Bob Russo, general manager at the PCI council.
"By continually enhancing the robustness of the program's testing criteria we can ensure that these products are being tested and validated against the highest level of security."
The requirements for POI devices are updated every three years, utilising feedback from the PCI community.
Key changes in this newest version include a restructured open protocols module, enhanced interface testing and logical security requirements, and added source code reviews.
In addition to these measures, a new vendor-provided security policy has been introduced to help facilitate the implementation of an approved POI device in a way that fulfills the POI requirements.
The new policy provides guidance on management and administrative responsibilities, device functionality, identification and even environmental requirements.
Financial information such as payment card data is highly sensitive, with security breaches in this area often having a lasting impact on the customer relationship.
If your organisation accepts payment card data from your customers, it's critical to ensure that you are achieving PCI compliance.
Strengthening your security policies can help to prevent and mitigate the effects of a cyber attack, especially for sensitive data such as payment card information.
Securus Global is a trusted security consulting firm that provides specialist security testing and other services (such as penetration testing) for a range of organisations.
They are highly experienced at helping businesses achieve compliance with the PCI DSS, with a qualified Business Solutions and Compliance Team able to help develop compliance programs for organisations.
Their services are very flexible and able to be tailored specifically to your own company's needs, so you benefit from specialised guidance.