/Laboratories/GLOBAL/Services/PCI-PTS-Security-Evaluations

Applus+ Laboratories is accredited by PCI SSC to evaluate the security of POI and HSM and ensure they comply with the PCI PTS standard. 

What is Payment Card Industry Security Standard Council (PCI SSC)?

The PCI Security Standards Council is a global organization that maintains, evolves and promotes Payment Card Industry standards for the safety of cardholder data across the globe. The Council was founded in 2006 by American Express, Discover, JCB International, Mastercard and Visa Inc., who share equally in ownership, governance, and execution of the Council's work. UnionPay joined PCI SSC as Strategic Member in 2020. 
 

What is PCI PTS? 

PIN Transaction Security, or PTS, is a set of logical and physical security evaluations established by the Payment Card Industry Security Standard Council (PCI SSC) to protect the cardholder data at the point of interaction (POI) and hardware security module (HSM). 

PCI uses the Approval Class to ensure that its payment security device approvals accurately describe today’s ever-evolving designs, architectures, and implementations.

POI Approval Class 

  • EPP Encrypted pin pad 
  • Non PIN entry device (Non-PED)
  • PIN entry device (PED)
  • Secure Card Reader (SCR)
  • Secure Card Reader PIN (SCRP)
  • Unattended payment terminal (UPT)

 

HSM Approval Class

  • Hardware security module (HSM)
  • Key-Loading Device (KLD)
  • Remote Administration Platform (RAD)

 

What is the importance of obtaining the PCI PTS certification? 

The payment market chooses to work with reliable companies, where trust is the most important parameter that all companies should be able to maintain. As they must keep their systems secured, the question remains as how to assure this trustworthiness. PCI PTS is tailored for this; certification is the best way to show your product is reliable. This can be accomplished by performing a series of security evaluations, which includes HSM for securing key data management and payment terminals for the payment account data. 

The development of new payment methods has accelerated in parallel with a growing threat from cyber-attacks targeting businesses with attended and unattended terminals. Card POI without PCI standard might show the unencrypted and plain data that could possibly lead to data breach, and heavily erode the customer’s trust in the merchants’ credibility. Reflecting this urgency, PCI mandates the issuers, acquirers, and merchants to choose PCI PTS Devices in their business environment, which allows these devices to transmit and validate the cardholder’s confidential information. 

In summary, all the stakeholders who intend to work with the main payment schemes in order to sell HSM and POI terminals are obliged to ensure their products are PCI accredited.

How can Applus+ Laboratories help to prevent fraud payment? 

Applus+ Laboratories, accredited by PCI SSC, validates the compliance of terminals and HSMs with PTS Standard. We offer complete services to promote the full protection at the Point-of-Sales and Hardware Secure Modules by ensuring the devices are fully compliant with PCI regulation. Backed by security experts, we aim to support the client in achieving secured payment acceptances, from preliminary assessment, to guidance on the requirement, and to the formal evaluation. 

Following the mandates of PCI SSC that POI’s EMVCo Type Approval should be performed prior to the PCI Approval, our clients can also choose the option to do both functional and security evaluations with us.

For devices marketed in the UK and Germany, as Common Criteria (CC) is an imperative requirement, Applus+ Laboratories can be your one-stop shop, integrating PCI, Common.SECC and EMVCo functional requirements in order to speed up all product certification processes.
 

Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). Click HERE for more information. You can accept all cookies by pressing the "Accept" button or configure or reject their use by clicking here.

Cookie settings panel