Visa is committed to protecting the Visa payment system, which includes Visa cardholder PIN data. To that end, Visa created a PIN Security Program outlining compliance requirements with which acquirers, their merchants and/or their third-party agents must comply. The baseline requirements for the Visa PIN Security Program include:
When purchasing PIN entry devices (PEDs), check that they are on the Approved PIN Transaction Security (PTS) Devices list.
In addition to the PED requirements, Visa maintains a list of compromised PEDs, which is an extension of the PED requirements.
- Visa’s TDES Requirements
Visa’s Triple Data Encryption Standard (TDES) requirements are:
- All ATMs must use TDES to protect PINs
- All POS PIN acceptance devices must use TDES to protect PINs
US only: Effective July 1, 2010, Automated Fuel Dispensers (AFDs) must use TDES or SDES DUKPT to protect PINs.
Adherence to the requirements of the Visa PIN Security Program results in more than simply securing PIN data. Sound security practices help to protect organizations from adverse financial and reputational consequences often associated with PIN data compromises.