Standards bodies unite on PIN security

In a case where two payments security heads are better than one, Accredited Standards Committee X9 Inc. and the PCI Security Standards Council have agreed to create one unified PIN security standard for payments stakeholders.

Industry feedback seeking better efficiencies sparked the move to a common standard, as PCI and X9 currently maintain separate PIN security standards. Consolidation will simplify matters and reduce the effort organizations might have to put into compliance with both.

The change "could be a very positive thing," said Mark Horwedel, CEO of the Merchant Advisory Group, an organization that has long called for more extensive use of PIN security to complement EMV, and also for open, common standards in all facets of payments.

While saying his organization still needs to learn more about the joint initiative on the PIN standard, Horwedel sees it as a positive development for payment security.

"What we are seeing here is PCI working with X9 to be more open, which would be good in allowing this information to be made available to the public for scrutiny," Horwedel said. "If this also would allow the participants like merchants and the domestic networks to become part of the process, that would be great."

The goal of this joint initiative will be to help create a single PIN security standard and assessor qualification program to be managed by the PCI SSC. A newly formed PCI PIN Assessment Working Group, made up of X9, PCI and payment brand representatives, will collaborate to ensure the resulting standard satisfies both PCI and X9 requirements, the organizations revealed last week.

"We are thrilled to work collaboratively with ASC X9 on this worthwhile endeavor," PCI chief technology officer Troy Leach said in a press release. "Our two organizations have always enjoyed a strong working relationship, and this is an issue we are confident we can address by working together."

The effort should help simplify PIN standards and assessor programs for payment card industry stakeholders, Leach added.
