The PCI Security Standards Council released a unified PIN Transaction Security (PTS) standard yesterday under the title Point Of Interaction (POI) Modular Security Requirements.  The new PTS POI unified what was previously three separate standards: the Unattended Payment Terminal (UPT) Security Requirements, POS PIN Entry Device Security Requirements, and the Encrypting PIN Pad (EPP) Security Requirements which now sunset on May 12, 2011.

According to the release:

The standard introduces a new modular approach for testing all PTS points of interaction, which includes two new optional modules in addition to minor updates to the existing requirements. The Open Protocols module addresses the security of PIN Entry POI devices that utilize external connectivity, and the Secure Reading and Exchange of Data (SRED) module is designed for ensuring cardholder account data protection.

Commerce bank card 2, by The Consumerist

What does this mean for manufacturers of “POI devices?”  For one, there is one place to go for all of the relevant requirements for your device.  If nothing else, that’s worth the effort from the Council.  Merchants are largely not affected by this change, however, they should ensure that any planned hardware refresh takes the new standard into account. Don’t expect vendors to start incorporating required changes until new products are released next year.

For more information, visit the PCI Security Standards Council website.

This post originally appeared on

Possibly Related Posts: