PIN Security Program
Visa is simplifying and unifying PIN security compliance validation across all regions.
Welcome to Visa® PIN Security website. The information on this site describes Visa's global Personal Identification Number (PIN) Security program designed to assist organizations in maintaining the highest level of PIN security. This website contains timely NEWS articles about PIN topics as well as Important Visa PIN Information for anyone involved with PIN processing.
If you have any questions pertaining to PIN security at Visa, contact your regional Visa Risk Representative or send an email to email@example.com.
PCI PIN Security Requirements Updated NEW
To enhance validation methods and improve consistency with compliance assessments, the Payment Card Industry Security Standards Council has released version 2.0 of its PIN security requirements. Effective 1 July 2015, Visa PIN Security Program participants must start their PIN security compliance assessments according to version 2.0.
Use the following links to read more about the changes;
- Bulletin - PCI PIN Security Requirements Updated - 29 January 2015
- PCI PIN Security Requirements - Version 2
- PCI PIN Security Requirements and Testing Procedures – Version 2
Changes to PIN Security Program Go Into Effect - 1 January 2014
Visa is updating its PIN Security Program, simplifying and unifying PIN security compliance validation across all Visa Inc. regions. The modifications will drive PIN security through a risk-based, prioritized approach that focuses on entities that process PIN data or perform key management activities on behalf of Visa clients.
Visa PIN Security Program changes go into effect 1 January 2014.
Read more about the program changes:
- Visa PIN Security Program Modifications
- Visa PIN Security Program FAQ
- Visa PIN Webinar presentation December 2013
For information on the PIN Security Program modifications, contact your regional Visa Risk Representative.
PIN Entry Device (PED) Usage, Sunset and Expiration Dates NEW
Visa's PIN Entry Device (PED) requirements have been updated.
Know key dates and best practices to consider when developing PED acquisitions, usage and deployment strategies for your organization. Answers to PED frequently asked questions and information about PCI PTS V1.x devices expiring on April 30, 2014 is included.
Compromised PIN Entry Device (PED) List NEW
Visa's maintains a list of older PIN Entry Devices (PED) reported as compromised and may be vulnerable to attacks.
All organizations are encouraged to review this list to identify if listed devices are deployed in your environment and what actions you should take to protect your organization from loss.
Know What is Secure - Approved PIN Acceptance Device List
The PCI Security Standards Council (PCI-SSC) PIN Transaction Security (PTS) Point of Interaction (POI) Security Requirements provides a single set of evaluation requirements for all PIN acceptance devices.
Don't Be A Victim of Card Skimming - PIN Entry Devices and Best Practices
All merchants need to read Skimming Prevention: Best Practices for Merchants. This document will assist and educate merchants regarding security best practices and defenses against skimming attacks.
Best Practices for Issuer PIN Security
The Issuer PIN Security Guidelines provides best practices and recommendations for Issuers managing PINs within their environment. Visa highly encourages Issuers to review and follow these guidelines to protect PIN data within Issuers domains.
For more information on Visa PIN Security Program, contact your regional Visa Risk Representative at the following e-mail addresses: