PCI SSC announced and published new updates in the PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements v6.0 standard. With new advancements made in the payment ecosystem, new applications and payment device technology, it's necessary to safeguard and secure controls against cybercriminals who are developing new ways to breach systems storing sensitive payment data.
The PTS POI standard was developed to protect the PINs and cardholder data on magnetic stripe or the chip of an EMV card used along the mobile device. The latest version 6.0 includes key requirements and changes related to :-
- Restructuring key modules into Physical and Logical, Integration, Communications and Interfaces, and Life Cycle to reflect the diversity of devices supported under the standard and the application of requirements based upon their individual characteristics and functionalities.
- Ensuring ongoing protection by limiting the firmware approval timeframe to three years.
- Including requirements for devices that accept EMV enabled cards to support Elliptic Curve Cryptography (ECC), facilitating the EMV migration to a more robust level of cryptography.
- Enhancing support for accepting the magnetic stripe cards in mobile payments using solutions that follow the Software-Based PIN Entry on COTS (SPoC) Standard.
The in detail documents related to the PTS POI v6.0 Standard has been updated at the  PCI SSC document library. The documents are as stated below:
- PCI PTS POI Summary of Changes from v5.1 to v6.0
- PCI PTS POI Modular Derived Test Requirements
- PCI PTS Device Testing and Approval Program Guide
- PCI PTS POI Technical FAQs
As a forerunner on the cybersecurity front, QRC supports their customers to establish, document, implement and maintain Data Security and Privacy frameworks to protect their sensitive data from all Internal / External Threats and manage the confidentiality, Integrity, availability, Security, Privacy of such information systematically.