If you accept or process payment cards, the PCI Data Security Standards apply to you.

These standards cover technical and operational system components included in or connected to cardholder data.

The PCI PIN Transaction Security Requirements (called PCI PTS) are focused on characteristics and management of devices used in the protection of cardholder PINs and other payment processing related activities. Manufacturers must follow these requirements in the design, manufacture and transport of a device to the entity that implements it.

Financial institutions, processors, merchants and service providers should only use devices or components that are tested and approved by the PCI Council.

The Payment Application Data Security Standard is for software vendors and others who develop payment applications that store, process or transmit cardholder data and/or sensitive authentication data, for example as part of authorization or settlement when these applications are sold, distributed or licensed to third parties.

Most card brands encourage merchants to use payment applications that are tested and approved by the PCI Council.

A comprehensive set of security requirements for point-to-point encryption solution providers, this PCI standard helps those solution providers validate their work. Using an approved point-to-point encryption solution will help merchants to reduce the value of stolen cardholder data because it will be unreadable to an unauthorized party. Solutions based on this standard also may help reduce the scope of their cardholder data environment – and make compliance easier.

Point-to-Point Encryption is a cross-functional program that results in validated solutions incorporating many of our various security standards.