
Compliance for PIN Data and Key Management
Protect yourself and your customers when acquiring, processing and managing cardholder and transaction data.
Reflare’s strategic alliance with Dot.Bit delivers cost-effective PCI PIN solutions for your technologies and teams. Our integrated training and audit offering helps you achieve your compliance requirements.
Who is PCI PIN for?
The PCI PIN Security Standard is for acquirers and/or their agent(s) who handle or manage PIN data, those who are involved with key management that protect PINs associated with payment transactions, and those who are required to secure the management, processing, and transmission of PIN data at ATMs, POS terminals and attended payment points.
The Standard
PCI PIN represents a baseline of technical and operational requirements designed to protect PIN data and is maintained by the PCI Security Standards Council (PCI SSC) – a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
The three primary objectives of the standard are to:
- Identify the minimum security requirements for PIN-based interchange transactions,
- Outline the minimum acceptable requirements for securing PINs and encryption keys, and
- Assist all retail electronic payment system participants in establishing assurances that cardholder PINs will not be compromised.

The standard is organised into seven key components, referred to as ‘Control Objectives’, and each Control Objective has its own set of requirements. These requirements are intended for use by all acquiring institutions and agents (e.g., transaction processors, key-injection facilities and certification and registration authorities) responsible for PIN transaction processing on the payment card industry participants’ denominated accounts. Entities may be subject to different requirements in multiple sections, depending on the activities performed. Additionally, PCI PIN should be used in conjunction with industry-specific security standards.
The PCI PIN Standard is Enforced by All Major Payment Brands
This standard contains a complete set of requirements for the secure management, processing, and transmission of personal identification number (PIN) data during online and offline payment card transaction processing at ATMs and point-of-sale terminals. These PIN requirements are based on industry standards and are enforced by the major payment brands.

Why Should My Organisation be PCI PIN Compliant?
The answer is simple: keep your systems secure, and customers can trust you with their sensitive payment card information. When you stay compliant, you are part of the solution – a united, global response to fighting payment card data compromise.
How Do We Help?
The standard itself is quite detailed in its technical, organisational, and business requirements, which can raise quite a few questions and misinterpretations.
We remove PCI PIN compliance ambiguity. Our solution helps you become more secure and achieve compliance through:
- Understanding compliance and validation requirements of the current PCI PIN Security Standard,
- Identifying locations, processes, procedures, personnel, and equipment that need to be reviewed, and ensuring that it is factored into the overall timeline for the assessment,
- Engaging with the payment brands to ensure all aspects of your business are covered,
- Building an overall assessment plan and preparing you for the assessment,
- Conducting an onsite assessment, and
- Reporting and notifying the payment brands of your compliance status.

User Compliance
A key part of PCI PIN compliance is ensuring developers and administrators complete ongoing capability development activities. This is key to protecting both yourself and your customers when handling payment data. Reflare’s Certified Secure (RCS) user training programs ensure your training requirements are implemented with ease.
RCSA Curriculum (Reflare Certified Secure Administrator)
- Runs in the cloud: All of the lessons and challenges run entirely on Amazon's AWS infrastructure. This means we can scale to any number of users and you don't need to install any software.
- Real world skills: We know that you can only maintain secure servers if you understand how weaknesses are abused. RCSA teaches trainees both the practical attack and defence skills needed to improve the quality of their work.
- Per user licensing: You pay per trainee per training. No hidden fees or yearly costs for content updates. You decide if and when you want to retrain one of your developers.
- Anyplace, anytime: Allow your users to train at a time that suits them. On site, on the road or at home, all that is required is an internet connection and a modern HTML5 browser.
- Track progress: Add your trainee, set your completion date, and leave the rest to us. We take care of trainee commencement, tracking and deadline reminders. Your easy-to-use admin interface allows you to track group and individual developers' progress.
| RCSA Lessons for Administrators |
|---|
| Lesson 1: Introduction & How-To |
| Lesson 2: Understanding how attackers think |
| Lesson 3: Minimising Surface - Managing Ports |
| Lesson 4: Minimising Surface - Limiting Access |
| Lesson 5: Minimising Surface - Version Management |
| Lesson 6: Minimising Surface - Enforcing Secure Passwords |
| Lesson 7: Minimising Surface - Locking down SSH |
| Lesson 8: Minimising Surface - Unencrypted Services |
| Lesson 9: Incident Response - Preparations |
| Lesson 10: Incident Response - Detection |
| Lesson 11: Incident Response - Analysis |
| Lesson 12: Incident Response - Containment |
| Lesson 13: Incident Response - Eradication |
| Lesson 14: Incident Response - Recovery |
| Lesson 15: Summary & Closing Thoughts |
| Minimum time commitment to complete RCSA training: 3 hours 20 minutes. |
Advantages and Benefits
Our world-class PCI PIN compliance solutions aim to keep your systems secure.
Improve procedures
Whether you are managing ATMs, POS terminals, payment kiosks, or providing key management services for protecting PINs and PIN-based transactions, our PCI PIN services help you achieve compliance. We also provide a structured approach to assessments, including pre-audit and post-audit engagements, to reduce the stress that comes with being placed on the spot.
Manage Compliance
We help you manage your PIN compliance with ease, reducing the risk of PIN data compromise during online and offline card-present transactions. Additionally, Reflare and Dot.Bit promote your compliance status with the payment brands. This allows you to focus less on the intricacies of compliance and more on the high-value activities that grow your business.
Develop Capability
Your developers hate their current IT security training. Don’t believe us? Just ask them! Most training platforms are static, tedious and end in a multiple-choice test devoid of any real-world application. For most users, security training programs are a nuisance, not a chance to improve their skills. Mapped to PCI talent compliance requirements, RCS training remains focused on trainee experience and applicability.
Reflare partners with leading organisations such as...
Get Started
Ready to learn more? We are here to help!
Message our team to book a virtual consultation. Send us a direct message from your email account. Please include the nature of your inquiry and the contact method you would prefer us to use to respond.
Email Us
To begin the proposal process, simply click below to access our enquiry form, select your compliance requirements, and one of our team members will be in touch.
Get Started