Date: March 15, 2010
PCI POS Pin-Entry Device Security Requirements.
Effective Date: June 16, 2010
The confidentiality of cardholder Personal Identification Numbers (PINs) when used at point-of-sale (POS) PIN-Entry Devices (PEDs) depends on the full compliance of all payment system participants with the Payment Card Industry (PCI) PIN Security Requirements. To ensure the continued secure protection of PIN-based transactions, Visa established requirements for the use of Triple Data Encryption Standard (TDES) for PIN encryption at all POS PEDs. Effective July 1, 2010, all Interlink-accepting POS PEDs and host systems must use TDES for the protection of PINs.
To prevent any interruption to your business, Bankcard Services will be on hand to make this transition as easy as possible. Until the target date of July 01, 2010, Bankcard Services plan on converting all Pin Devices to TDES Encrypted Pin Devices. If you have received this letter, you have been listed on our system that your pin device(s) are not encrypted with the TDES encryption. If the Pin Device(s) have been updated or if you want to check the status of your Pin Device(s), please notify our Customer Service Department at 1-888-339-0100. We ask for your support and patience with the transition.
In order to help you to make this transition as easy as possible, Bankcard Services have created two options. If you are willing to commit to such an option, please notify Bankcard Services by 04/15/2010. If no actions were taken by 04/15/2010, Bankcard Services may terminate your Debit account or assess a TDES Pin device exchange fee to protect you from PCI violations. In order to prevent the inconvenience, please contact our Customer Service Department immediately.
All Debit Merchants
For your better understandings, here are some examples you may refer to.
If you are using the Free Rental Devices issued by Bankcard Services or are using the Pin Device(s) that you have purchased, please from the following option.
Merchant Operations Team
Free Rental or Renewal – Renew the 2 year contract with Bankcard Services and receive a FREE TDES Encrypted Pin Device. The terms will not be added to the previous term.
Purchase - If you are not comfortable with doing a yearly commitment then we can offer the TDES Pin Device from BCS at low cost of $79.95 plus tax & shipping.
You may purchase the PCI Compliant Pin Device at another Vendor, but additional $35 BCS encryption fee will apply.
Additional information on TDES, as well as PCI PIN Security Requirements, Key Management and PED security, may be found in the following Visa publications and on Visa websites. In addition, Visa offers ongoing Key Management Workshops. For more information on these workshops, e-mail firstname.lastname@example.org.
- For a listing of Visa's global TDES usage mandates go to www.visa.com/pin.
- For the PCI PIN Security Requirements manual and the Visa Auditor's Guide to PIN Security go to www.visa.com/pinsecurity.
- For the most recent listing of PCI-approved PIN-entry devices and other testing and PED security program information, visit www.pcisecuritystandards.org/pin.
- For PCI POS and EPP PIN Entry Device Security Requirements manuals, visit www.pcisecuritystandards.org/pin.