PCI Council Updates Payment Device Standard to Keep Up with Criminals
The latest version of the PCI PIN Transaction Security Point-of-Interaction Modular Security Requirements includes stronger security controls for payment devices. The controls are meant to prevent physical tampering with the devices and the installation of malware that can collect card data during payment transactions, according to the PCI Council, the global forum responsible for the development, management, education and awareness of the PCI Data Security Standard and other standards that increase payment data security.
“We continue to see innovative skimming devices and new attack methods that put cardholder data at risk for fraud,” Troy Leach, PCI Council chief technology officer, said in a news release. “Security must continue to evolve to defend against these threats. The newest PCI standard for payment devices recognizes this challenge by requiring protections against advancements in attack techniques.”
The specification requires that payment devices support firmware updates, be able to cryptographically authenticate the firmware, and reject and delete the firmware if it is not authentic. Devices must also use tamper-detection and response tools that immediately render a device inoperable and erase the sensitive data stored on it.