The PCI Security Standards Council recently released several updated regulations for the new Version 5.0 of the PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements.
“The updates are designed to stay one step ahead of criminals who continue to develop new ways to steal credit and debit card data from cash machines, in-store and unattended terminals, and mobile devices used for payment transactions,” said the PCI Council.
Likewise, the added regulations were devised to inhibit potential malware that could compromise card data during a payment transaction and to block physical tampering. These changes have been mandated due to the increase of card skimming attacks and to acknowledge that retailers need the capability to respond promptly in the instance of a threat.
"We continue to see innovative skimming devices and new attack methods that put cardholder data at risk for fraud," said Troy Leach, PCI Security Standards Council Chief Technology Officer. "Security must continue to evolve to defend against these threats. The newest PCI standard for payment devices recognizes this challenge by requiring protections against advancements in attack techniques."
Within the past several years, fraud investigations have also noticed an increased amount of attempts to hack encryption payment data. These incidences have become prominent with data transmission and at the point of sale.
“With the increased use of encryption to protect payments, next-generation payment technology, like future point-of-interaction devices, must address the advancement of criminal attacks that will attempt to break the cryptography through means such as differential power analysis and similar techniques,” Leach says in an email to Digital Transactions News. “The next version of POI Version 5 addresses these concerns against current and future threats.”
The latest PCI standards will also support EMV against instances of card-present fraud and help drive new security standards to protect future payment transactions.
“With an EMV chip, the industry is improving protections against skimming and other attacks to reduce fraud. But no technology is bulletproof. In this ongoing battle against criminal attacks, we must continue to adapt the way we secure payments. With the latest PCI device standard, PCI is driving the evolution of global industry security standards that protect payment transactions now and in the future,” said PCI Security Standards Council General Manager, Stephen Orfei.
The new Version 5.0 of the PTS POI Modular Security Requirements is available now for payment device evaluations. Version 4.1 will retire later in September of 2017.