PCI PIN

GET PIN DATA SECURITY INSIGHT FROM INDUSTRY-CERTIFIED CONSULTANTS.

As a Payment Card Industry Qualified PIN Assessor (PCI QPA) Company, Sikich is authorized to validate your organization’s adherence to the PCI PIN Security Requirements maintained by the PCI Security Standards Council (PCI SSC). The PCI SSC developed the requirements for “the secure management, processing, and transmission of personal identification number (PIN) data during online and offline payment card transaction processing at ATMs and attended and unattended point-of-sale (POS) terminals.”

WHO NEEDS IT

The PCI PIN Security Requirements apply to “acquiring institutions and agents (e.g., key-injection facilities and certificate processors) responsible for PIN transaction processing.” The requirements relevant to your organization depend upon which of the following activities your organization performs:

  • Transaction processing operations – Acquisition and/or processing of PIN-based transactions
  • Symmetric key distribution using asymmetric keys – Implementation of symmetric key distribution using asymmetric keys (remote key distribution) or operation of Certification Authorities (CAs) for such purposes
  • Key injection – Operation of key-injection facilities (KIFs) for the injection of keys (e.g., key-encipherment keys (KEKs), PIN-encipherment keys (PEKs)) used for the acquisition of PIN data

WHAT WE DO

The Sikich QPA team takes a consultative approach to each PCI PIN security assessment that it conducts. Throughout an assessment, our experts are able to offer well-rounded and thoroughly considered guidance based on a breadth of experience that includes work performed across not only all areas covered by the PCI standards, but also numerous other cybersecurity and compliance frameworks.

Your Sikich assessment team will work with you to review system configurations, security settings, policies and procedures; conduct interviews with technical, management, legal and human resources staff members; and observe staff members' daily duties and responsibilities to determine whether the methodologies in place for managing, processing and transmitting PIN data meet the PCI PIN Security Requirements. Sikich can then offer customized guidance based on your organization’s goals and capabilities for addressing any gaps identified. The results of your assessment will be documented within a PIN Report on Compliance (ROC) and the accompanying PIN Attestation of Compliance (AOC).

SECURE YOUR PIN DATA WITH HELP FROM UNIQUELY QUALIFIED EXPERTS.

All it takes is your name and phone number or email address to learn more about our services and expertise. If you’d like, you’ll also be able to send additional details after you submit your information here.