While PCI DSS compliance is required by a number of payment system regulators (such as Visa, MasterCard, American Express, Discover Financial Services, JCB International, UnionPay), only Visa requires compliance with PCI PIN Security.

PCI PIN Security defines technical and procedural controls designed to assist in the secure management, processing and transmission of cardholder PIN data when processing payment card transactions online and/or offline at ATMs and POS terminals.

PCI PIN Security is primarily focused on protecting PINs at all stages of their “life”. From the moment of entering at an ATM or POS terminal to the moment of transaction processing by the issuing bank or acquirer (their payment systems).

This certification is required for all organizations responsible for processing transactions containing PINs, whether — or! — performing initial setup and/or maintenance of ATMs and POS terminals.

Modern companies are guided by the principles of a risk-oriented approach. It is important to always understand that reputational and financial losses in the event of an incident with ATMs and/or POS terminals can be significantly higher than the cost of achieving compliance with the PCI PIN Security standard. Having achieved compliance once, it is only necessary to maintain this level and general changes in the cybersecurity market in the future, which is cheaper.

Unlike PCI DSS, PCI PIN Security certification needs to be maintained biennially (PCI DSS — annually).

Having undergone the PCI PIN Security certification procedure, a company receives a Certificate of Compliance, as well as a completed and validated Report on Compliance (RoC) and Attestation of Compliance (AoC), which should be submitted to Visa upon request.