Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

International: PCI SSC releases updates on security requirements

The Payment Card Industry Security Standards Council ('PCI SSC') released, on 13 January 2022, the PCI Card Production and Provisioning Security Requirements version 3.0 updates. In particular, the PCI SSC stated that the updates ensure strong protections for customer payment information during the card production process, which includes card manufacturing, magnetic-stripe card encoding and embossing, card personalisation, and the card provisioning process, which is the process of adding cardholder account information to a device via an over-the-air or over-the-internet communication channel.

In addition, the PSI SSC Senior Vice President, Standards Officer, Emma Sutcliffe, stated that '[t]he updates to the Card Production and Provisioning Security Requirements are intended to meet the security and business needs of card vendor environments while protecting these environments from evolving threats and increasing security across the payment chain'.

As such, the updates include:

  • the PCI Card Production and Provisioning Logical Security Requirements and Test Procedures version 3.0 that highlights the scope and establishes minimum security levels with which vendors must comply for magnetic-stripe encoding and chip personalisation; and
  • the PCI Card Production and Provisioning Physical Security Requirements and Test Procedures version 3.0 that specifies the physical security requirements and procedures that entities must follow before, during, and after the card production and provisioning process.

You can read the press release here, the summary of changes here, the logical security requirements and test procedures here, and the physical security requirements and test procedures here.