PCI Security Standards Council®

Return to Newsroom

PRESS RELEASE

PCI Security Standards Council Updates Standard for Device Security

Changes aimed to support a range of environments, technologies, and methodologies for achieving security

WAKEFIELD, Mass., 16 June 2020 — The PCI Security Standards Council has updated the standard for payment devices to enable stronger protections for cardholder data. The PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements v6.0 enhances security controls to defend against physical tampering and the insertion of malware that can compromise card data during payment transactions. Updates are designed to meet the accelerating changes of payment device technology, while providing protections against criminals who continue to develop new ways to steal payment card data.

“Payment technology is advancing at a rapid pace,” says Emma Sutcliffe, SVP, Standards Officer at PCI SSC. “The changes to this standard will facilitate design flexibility for payment devices while advancing the standard to help mitigate the evolving threat environment.”

Established to protect PINs (Personal Identification Numbers) and the cardholder data stored on the card (on magnetic stripe or the chip of an EMV card) or used in conjunction with a mobile device, PTS POI Version 6.0 reorganizes the requirements and introduces changes that include:

“Feedback from our global stakeholders, along with changes in payments, technology and security is driving the changes to this standard,” said Troy Leach, SVP at PCI SSC. “It’s with participation from the payments industry that the Council is able to produce standards that are relevant and enhance global payment card security.”

The following documents related to the PTS POI v6.0 Standard can be found at in the PCI SSC document library:

Vendors can begin using PCI PTS POI Modular Security Requirements v6.0 now for payment device evaluations. Version 5.1 will retire in June 2021 for evaluations of new payment devices.

A list of PCI approved PTS devices tested against the PCI PTS POI Modular Security Requirements is available on the PCI Council website for businesses to choose equipment that is verified to protect their customers’ cardholder information in accordance with PCI Standards.

About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.

###

Our website uses both essential and non-essential cookies (further described in our Privacy Policy) to analyze use of our products and services. By clicking “ACCEPT” below, you are agreeing to our use of non-essential cookies to provide third parties with information about your usage and activities. If you click “DECLINE” below, we will continue to use essential cookies for the operation of the website.