The council that administers the Payment Card Industry Data Security Standard has released new requirements that vendors of payment card devices will be expected to incorporate into their products going forward, according to a report by Computerworld. The new requirements are in the latest version of the council’s PIN Transaction Security (PTS) requirements and are designed to bolster security on retail point-of-sale card readers and unattended kiosks and payment terminals, such as those found at airports and gas stations. Version 3.0 of the PCI council’s PTS includes three new modules to secure sensitive card data for device vendors and their customers. One of the modules contains requirements pertaining to the secure reading and exchange of data on payment-card devices. The requirements would enable the secure reading and encryption of sensitive cardholder data at the point where a credit or debit card is swiped. A second module spells out the security standards that device vendors will be expected to follow while integrating all of the different components that make up an unattended point-of-sale device that accepts PIN-based debit-card transactions. The third module, called Open Protocols, contains a set of new requirements related to wireless-enabled payment-card devices.
Email your observations on PCI changes to firstname.lastname@example.org