PCI PIN Security Standard

Compliance for PIN Data and
Key Management

Protect yourself and your customers when acquiring, processing and managing cardholder and transaction data.

Reflare’s strategic alliance with Dot.Bit delivers cost-effective PCI PIN solutions for your technologies and teams. Our integrated training and audit offering helps you achieve your compliance requirements.

The Standard

PCI PIN represents a baseline of technical and operational requirements designed to protect cardholder data and is maintained by the PCI Security Standards Council (PCI SSC) – a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

The three primary objectives of the standard are to:

  1. Identify the minimum-security requirements for PIN-based interchange transactions,
  2. Outline the minimum acceptable requirements for securing PINs and encryption keys, and
  3. Assist all participants in retail electronic payment systems.

The standard is organised into seven key components, referred to as ‘Control Objectives’, and each Control Objective has its own set of requirements. These requirements are intended for use by all acquiring institutions and agents (e.g., transaction processors, key-injection facilities, and certification and registration authorities) responsible for PIN transaction processing on the payment card industry participants’ denominated accounts. Entities may be subject to different requirements in multiple sections, depending on the activities performed. Additionally, PCI PIN should be used in conjunction with industry-specific security standards.

How Do We Help?

The standard itself is quite detailed in its technical, organisational and business requirements, which can raise many questions and lead to misinterpretations.

We remove PCI PIN compliance ambiguity. Our solution helps you become more secure and achieve compliance through:

  • Understanding compliance and validation requirements of the current PCI PIN Security Standard,
  • Identifying the locations, processes, procedures, personnel and equipment that need to be reviewed, and ensuring that they are factored into the overall timeline for the assessment,
  • Engaging with the payment brands to ensure all aspects of your business are covered,
  • Building an overall assessment plan and preparing you for the assessment,
  • Conducting an onsite assessment, and
  • Reporting and notifying the payment brands of your compliance status.

User Compliance

A key part of PCI PIN compliance is ensuring developers and administrators complete ongoing capability development activities. This is key to protecting both yourself and your customers when handling payment data. Reflare’s Certified Secure (RCS) user training programs ensure your training requirements are implemented with ease.

RCSA Curriculum

(Reflare Certified Secure Administrator)

  • Runs in the cloud

    All of the lessons and challenges run entirely on Amazon's AWS infrastructure. This means we can scale to any number of users and you don't need to install any software.

  • Real world skills

    We know that you can only maintain secure servers if you understand how weaknesses are abused. RCSA teaches trainees both the practical attack and defence skills needed to improve the quality of their work.

  • Per user licensing

    You pay per trainee per training. No hidden fees or yearly costs for content updates. You decide if and when you want to retrain one of your developers.

  • Anyplace, Anytime

    Allow your users to train at a time that suits them. On site, on the road or at home, all that is required is an internet connection and a modern HTML5 browser.

  • Track Progress

    Add your trainee, set your completion date, and leave the rest to us. We take care of trainee commencement, tracking and deadline reminders. Your easy-to-use admin interface allows you to track group and individual developers' progress.

RCSA Lessons for Administrators
Lesson 1: Introduction & How-To
Lesson 2: Understanding how attackers think
Lesson 3: Minimising Surface - Managing Ports
Lesson 4: Minimising Surface - Limiting Access
Lesson 5: Minimising Surface - Version Management
Lesson 6: Minimising Surface - Enforcing Secure Passwords
Lesson 7: Minimising Surface - Locking down SSH
Lesson 8: Minimising Surface - Unencrypted Services
Lesson 9: Incident Response - Preparations
Lesson 10: Incident Response - Detection
Lesson 11: Incident Response - Analysis
Lesson 12: Incident Response - Containment
Lesson 13: Incident Response - Eradication
Lesson 14: Incident Response - Recovery
Lesson 15: Summary & Closing Thoughts
Minimum time commitment to complete RCSA training: 3 hours 20 minutes.

Advantages and Benefits

Our world-class PCI PIN compliance solutions aim to keep your systems secure.

Reflare partners with leading organisations such as...

Get Started

Ready to learn more? We are here to help!
Message our team to book a virtual consultation.

Send us a direct message from your email account. Please include the nature of your inquiry and the contact method you would prefer us to use to respond.

To begin the proposal process, simply click below to access our enquiry form, select your compliance requirements, and one of our team members will be in touch.