The PCI Security Standards Council (PCI SSC), has announced the launch of a 30-day period to solicit feedback from PCI Participating Organizations on the next version of the PCI Hardware Security Module (HSM) security requirements.
Hardware security modules (HSM) are non-cardholder facing devices used in connection with the protection of sensitive data, such as cardholder data (e.g. PINs), and the cryptographic keys that protect or authenticate that information. For example, HSMs are used with PIN translation, payment card personalization, data protection and e-commerce. Requirements for testing and approving these devices fall under the PCI PIN Transaction Security (PTS) program that also tests and validates Point of Interaction (POI) devices to ensure they comply with industry standards for securing sensitive data.
The PCI SSC has made a number of modifications to version 1.0 aimed at providing greater alignment between the PCI Hardware Security Module (HSM) security requirements and those introduced with version 3 of the PTS Point of Interaction (POI) security requirements.
The Council requests input from Participating Organizations on these changes. All feedback will be reviewed and considered in finalizing the revised requirements for publication in the spring. Organizations should submit feedback using the online tool here by March 09, 2012.
“Because the Council is comprised of organizations ranging from merchants to acquirers to processors we have a unique opportunity to create standards based on feedback from across the payments spectrum. We rely heavily on active participation by our members. This industry feedback and expertise is critical to our mission and our business,” said Bob Russo, general manager, PCI Security Standards Council. “I would like to encourage each organization to take the time to provide us with input during this period.”