PCI PIN Services

PIN security stands at the heart of many card present processing systems. Strong cryptographic methods and systems are used to securely capture and process PIN data worldwide.

Overview

Throughout the processing of online and offline payment card transactions at ATMs and POS terminals, the management, processing and transmission of personal identification number (PIN) data must meet certain security requirements as explicitly instructed by PCI. This particular set of requirements of PCI especially targets the acquiring institutions and agents which are in-charge of PIN transaction processing.

As mandated, acquirers must keep a summary listing of the cryptographic keys used for the acquiring and processing of PIN data including keys used by POI devices, HSMs, etc. UL performs physical, logical as well as IP protocol and secure data encryption assessments of these devices. We strive to offer local support to our customers when possible, and we have several evaluation and technical support facilities around the world. 

UL is accredited by Visa Inc. to perform Visa PIN Security Onsite Assessments based on PCI PIN compliance. This is a mandated program for third party organizations the processor support PIN processing include encryption support organization and key injection facilities.

Benefits

  • UL has an advanced understanding of the various requirements of networks. We maintain detailed awareness of current industry best practice in the area of PIN security and associated compliance matters, e.g. management.
  • UL's security reviews are thorough and mindful of clients' business requirements. Where change is required, we always seek the best value-driven solution that provides top-level security in a time and cost-efficient manner.
  • UL collaborated with Visa to develop the first PIN Entry Device (PED) testing requirements; this enabled us to become the first PCI PIN Transaction Security Laboratory, and the only domestic organization with said credentials.

Services Include

PCI PIN Audit

Many payment systems require regular certification of active PIN security systems. 

For banking clients, our PIN security audit service offers real-world knowledge and experience to their internal audit staff. We have worked with a large number of banks all over the world, completing individual audits and establishing ongoing compliance programs.

PCI PIN Advisory

UL provides expert QSA (Qualified Security Assessor) advice on wide range of areas to assist entities in their PCI PIN compliance journey. Advisory services include close consultation with PCI to assess how the requirements specifically apply to your product.

Get in touch