PCI PIN Transaction Security (PTS) Requirements

All devices that are used for payments with Visa, Mastercard, American Express, JCB or Discover payment cards have to be compliant with PCI PTS requirements and have to be approved by the PCI Security Standards Council (PCI SSC). The requirements serve to protect against fraud and ensure a safe entry and transfer of PIN and account data. SRC is recognized by PCI SSC as a testing laboratory and is thus authorized to conduct the evaluations necessary for the certification process.
From version 3.0 of the PCI PTS, all security requirements are divided into only two requirement catalogues. A modular catalogue of requirements is defined for Point of Interaction (POI) devices. It contains the three previously separated sets of requirements for POS PIN Entry Devices (PED), Encrypting PIN PEDs (EPP) and Unattended Payment Terminals (UPT). This requirements catalogue is also used for the evaluation of OEM components that are installed in other devices, including Encrypting PIN PEDs (EPP), POS PIN Entry Devices (PED), IC Card Readers (ICCR) and Magnetic Stripe Readers (MSR). Certified OEM components can contribute to significant cost savings during the evaluations of compound devices, since the evaluated components do not have to be evaluated again.
The second catalogue of security requirements is defined for Hardware Security Modules (HSM) that perform cryptographic operations on PIN and transaction data.

Our Services

SRC offers consulting services prior to an evaluation and supports you in achieving compliance with PCI PTS requirements. An early consultation with our experts may save you a costly re-design of components or the repetition of expensive testing procedures. We are happy to support you from the very first idea for a product through the design and development phase to the successful certification.   
Major advantages for you as a manufacturer are the synergies that can be achieved if SRC evaluates your payment system components according to PCI PTS and at the same time according to Open Standards for Security and Certification (OSeC) / Joint Interpretation Library Terminal Evaluation Methodology Subgroup (JTEMS). This would mean that the requirements of the German Banking Industry Committee and of UKCA are also met at the same time.
Furthermore, we can perform PCI evaluations whose results can also be re-used for other schemes. The criteria for Currence PCI+, APCA and PNC, for example, either require only an add-on to the PCI PTS requirements (Currence PCI+, PNC) or may optionally be added as an add-on to a PCI PTS evaluation (APCA).
SRC is able to conduct the evaluation in a way that allows using the results for the various certification schemes. You can thus directly benefit from our extensive experience and long-standing cooperation with the various schemes.

Reference projects (list is non-exhaustive) and links to certification reports and publications

SRC has recently completed PCI evaluations for GMX YouTransactor, Wincor Nixdorf, Sum Up, Informatik and Cryptera.


