NEW SECURITY REQUIREMENTS FOR ATM AND POS INTRODUCED BY PCI-PIN V3: TR-31 and TR-34
Lusis Payments is committed to providing our clients with helpful information to remain ahead of the curve on topics such as new compliance requirements or guidelines in the payments industry. The following is a brief summary of the new security requirements that were introduced by PCI-PIN V3 that merges requirements from the PCI Security Standards Council (PCI SCC) and the Accredited Standards Committee X9 Inc (ASC X9) to create one unified PIN Security Standard for payments stakeholders. There are two evolutions that have emerged from the standards that will introduce a massive change in ATM and POS remote key management. They are ASC X9 TR-31 and TR-34.
X9 TR-31 TR-31 is a Technical Report. Technical Reports are different from standards, which are mandatory sets of rules that must be adhered to. Technical Reports are not mandatory but do provide guidance to those who are implementing the standards. TR-31 is a method that is consistent with the requirements of the ANS X9.24-1 standard for the secure exchange of keys and other sensitive data between two devices that share a symmetric key exchange. No other specific methods have been defined by the standards committee, therefore the TR-31 method has become the adopted standard through which financial organizations will exchange keys. The TR-31 key block has a set of defined key rules.