The PCI PIN standard contains a complete set of requirements for the secure management, processing, and transmission of personal identification number (PIN) data during online and offline payment card transaction processing at ATMs and point-of-sale (POS) terminals.
The PCI PIN requirements are intended for use by all acquiring institutions and agents (e.g., key-injection facilities and certificate processors) responsible for PIN transaction processing on the payment card industry participants' denominated accounts, and should be used in conjunction with other applicable industry standards. The individual payment brands are responsible for defining and managing compliance programs associated with these requirements, which are grouped under the following control objectives.
Control Objective 1: PINs used in transactions governed by these requirements are processed using equipment and methodologies that ensure they are kept secure.
Control Objective 2: Cryptographic keys used for PIN encryption/decryption and related key management are created using processes that ensure that it is not possible to predict any key or determine that certain keys are more probable than other keys.
Control Objective 3: Keys are conveyed or transmitted in a secure manner.
Control Objective 4: Key-loading to HSMs and POI PIN-acceptance devices is handled in a secure manner.
Control Objective 5: Keys are used in a manner that prevents or detects their unauthorized usage.
Control Objective 6: Keys are administered in a secure manner.
Control Objective 7: Equipment used to process PINs and keys is managed in a secure manner.