Card Production and Provisioning – Physical


Card Production and Provisioning - Physical Security Requirements

This standard provides the physical security requirements for card production and provisioning functions to protect payment card material. This addresses physical security requirements for entities involved in card production and provisioning, which may include manufacturers, personalizers, pre-personalizers, chip embedders, data-preparation, and fulfillment.  It also includes the physical security requirements for entities that:

  • Perform cloud-based or secure element (SE) provisioning services
  • Manage over-the-air (OTA) personalization, lifecycle management, and preparation of personalization data
  • Manage associated cryptographic keys

Important Information


Intended Audience

For entities that perform card production and provisioning activities at the request of the payment brands, including manufacturers; personalizers; pre-personalizers; chip embedders, data preparation; card storing; shipping and mailing, cloud-based or secure element provisioning services; managing over-the-air (OTA) personalization, lifecycle management, preparation of personalization data; and managing associated cryptographic keys.


Card Production and Provisioning - Physical Security Requirements Documents

Find all of the related documents in the PCI SSC Document Library.


Listings & Professionals

There is no product listing for Card Production and Provisioning – Physical Security Requirements.

Card Production Security Assessors–Physical (CPSA-P) are qualified and trained by PCI SSC to perform independent assessments of card production environments against the Card Production and Provisioning–Physical Security Requirements and in accordance with the CPSA Program Guide.


Training Information

Perform assessments in accordance with the PCI Card Production and Provisioning Standards

The Payment Card Industry Professional is an individual, entry-level certification in payment security information and provides you with the understanding to help your organization build a secure payment environment. Becoming a PCIP demonstrates a level of understanding that can provide a strong foundation for a career in the payments security industry.

Knowledge Training courses are designed to bridge the knowledge gap between organizations and assessors by providing learning opportunities for individuals to take the same training and exam as the Assessor. Upon successful completion of training, learners will be given an acknowledgement of completion as well as the option to complete the exam and receive a digital badge.

Get your team trained together! We are pleased to offer all our PCI training programs as either in-person or remote Instructor-led eLearning. Learn directly from an instructor with hands-on experience in the field of payments security. Your organization will receive all the benefits of an instructor-led training class, at a time and place most convenient for you and your staff.

Compliance programs for all PCI SSC standards are managed by the payment brands. Questions about which entities need to validate compliance to any PCI SSC standard, or whether use of a PCI-listed product is required and for which entities, should be referred to the payment brands. Contact information for the payment brands is in FAQ #1142.