The successful conduct of online transactions relies on effective merchant services, just as any cashless sale in a bricks and mortar establishment does. Although such services include gift cards, loyalty programs, electronic funds transfer and automated clearing house functions, the most common merchant solution is the processing of debit and credit card payments. A merchant solution provider is the intermediary that facilitates the transfer of funds between cardholder, merchant and bank and, as such, is obliged to observe the highest standards of security. The Personal Identification Number (PIN) has existed since the 1960s, when it was introduced for cash withdrawals at ATMs, but today it occupies a far more central position in commerce: at the point of sale on the high street, at unattended terminals and, through the acquirers and processors behind every transaction, online as well.
The standards for PIN security are set by the Payment Card Industry Security Standards Council (PCI SSC), a global, industry-wide body founded in 2006 by the major card brands to consolidate the separate security programs each of them had previously operated. The PCI SSC is not a statutory regulator: it publishes and maintains the standards, while compliance is enforced through the contracts that the card brands and acquiring banks impose on their members and merchants. That arrangement probably accounts for its flexibility and responsiveness; the prospect of every national government reaching legislative agreement on this subject is remote, whereas the contractual system now in place is efficient and reliable. If your business accepts or processes card payments then, directly or indirectly, you fall within the scope of the PCI SSC standards, and wherever PINs are entered, encrypted, translated or otherwise handled on your behalf, the PCI PIN Security Requirements apply.
Which activities are regulated by PCI PIN?
PCI PIN assessment
In order to comply with the PCI PIN Security Requirements, any company that performs a qualifying activity needs not only to meet the standard but also to demonstrate that it is meeting it. This is where the role of a PCI PIN security assessor (in PCI SSC terminology, a Qualified PIN Assessor, or QPA) is crucial. A PCI PIN assessment is a thorough audit of a company's security arrangements for managing, processing and transmitting PIN data, and it covers both online and offline PIN transactions. It examines whether PINs are encrypted at the point of entry and remain encrypted throughout processing, whether the secure cryptographic devices used (PIN entry devices and hardware security modules) are approved, handled and protected as required, and whether the cryptographic keys that protect PINs are generated, distributed, loaded, stored, used and destroyed in accordance with the standard. Note that the standard does not contemplate a database of stored PINs: PIN data must never be retained after authorisation, so the assessment is about protecting the PIN in transit and the keys that protect it, not about securing a store of PINs. It is a complex process because it spans the PIN entry devices at the front end, the encryption and key-translation procedures in between, and the key-management environment and its supporting procedures. A PCI PIN assessment is required every two years.
If your business is engaged in the processing of PIN-based card transactions through any medium, it is your responsibility to comply with these requirements. It may seem onerous, but it is necessary and unavoidable. Appointing an experienced, professional PCI PIN security assessor will make the process as quick and painless as possible. You may be accustomed to the format of a PCI DSS compliance assessment, but you should be aware that a PIN assessment report can be many times the size, because it extends into every aspect of your network structures, customer interface, merchant services relationships, IT management and cryptographic key-management regime. Gradeon has the experience and knowledge to conduct a PIN security assessment that meets every requirement laid down by the Security Standards Council, and our thorough reporting will enable you to maintain your approved status with the card brands and acquirers you work with, wherever in the world they are.