The PCI (Payment Card Industry) Council has updated its payment device standard. The PCI say that’s to enable stronger protections for card-holder data, which includes the PIN (Personal Identification Number) and the card-holder data (on magnetic stripe or the chip of an EMV card) stored on the card or on a mobile device.
Specifically, version 5.0 of the PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements emphasises more robust security controls for payment devices to prevent physical tampering and the insertion of malware that can compromise card data during payment transactions.
The PCI says that the updates are designed to stay ahead of criminals who continue to develop new ways to steal credit and debit card data from cash machines, in-store and unattended terminals and mobile devices used for payment transactions. Payment devices that directly consume magnetic stripe information from customers remain a top target for data theft, according to the 2016 Data Breach Investigation Report from Verizon.
PCI Security Standards Council Chief Technology Officer Troy Leach said: “Criminals constantly attempt to break security controls to find ways to exploit data. We continue to see innovative skimming devices and new attack methods that put card-holder data at risk for fraud. Security must continue to evolve to defend against these threats. The newest PCI standard for payment devices recognises this challenge by requiring protections against advancements in attack techniques.”
Visit https://www.pcisecuritystandards.org/.
