X9 and PCI SSC Create Unified PIN Acceptance Security Standard
Unified PIN Standard Viewed as a Win for the Payment Industry
In response to industry feedback, the Accredited Standards Committee X9 Inc. (ASC X9) and the PCI Security Standards Council (PCI SSC) have completed a joint initiative to create one unified PIN Security Standard for payments stakeholders.
In 2018, ASC X9 entered into a long-term partnership with the PCI SSC to combine the X9 TR 39 technical report with the PCI PIN Security – Requirements and Testing Procedures standard, the latter to be the surviving document. Over the next months, members of X9 and the PCI SSC worked together to merge the two documents. The combined document is version 3.0 of the PIN Security – Requirements and Testing Procedures standard, which was approved in August 2018. X9 will continue to partner with the PCI SSC on future versions of the standard.
Since all recent work had been directed to the PCI SSC standard, X9 TR 39 became out of date, and X9 has approved its withdrawal from publication. The PCI SSC standard can be downloaded from the PCI website at no charge. Reporting requirements previously contained in X9 TR 39 can now be found in the PCI SSC’s Template for Report on Compliance.
The goal of this joint initiative was to create a single PIN security standard and assessor qualification program to be managed by the PCI SSC. The PCI PIN Assessment Working Group, made up of representatives of X9, the PCI SSC and payment brands, collaborated to ensure that the resulting standard satisfies both PCI and X9 requirements.
“This is a significant win for the payments industry in that we now have greater clarity and consensus around a single PIN standard. We were very pleased to work collaboratively with ASC X9 on this important challenge,” said PCI SSC Senior Vice President Troy Leach. “Our two organizations have always enjoyed a strong working relationship, and this is yet another example of us coming together to advance better payment security. The outcome of this effort is a simplified PIN standard and assessor program process for payment card industry stakeholders.”
X9 Executive Director Steve Stevens said, “Our two organizations can be very proud of the results of our ongoing partnership through the PCI PIN Assessment Working Group: the unification of X9 TR 39 with the PCI PIN Security Standard. This document contains the best of both its predecessors, and it will enable the highest level of security at the lowest possible cost. We look forward to continuing this effort into the future to ensure that the standard continues to meet the needs of the financial industry user base.”
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.
For further PCI Security Standards Council media information, please contact email@example.com.
About the Accredited Standards Committee X9 Inc.
The Accredited Standards Committee X9 Inc. is a non-profit organization accredited by the American National Standards Institute (ANSI) to develop and maintain national and – through ISO –international standards for the financial services industry. The subjects of X9’s standards include: retail, mobile and business payments; corporate treasury functions; block chain technology; processing of electronic legal orders issued to financial institutions; tracking of financial transactions and instruments; financial transaction messaging (ISO 8583 and 20022); quantum computing; PKI; checks; cloud; data breach notification and more.
X9 acts as the U.S. Technical Advisory Group (TAG) for ISO TC68 (Financial), TC321 (E-Commerce) and TC322 (Sustainable Finance) and performs the secretariat functions for ISO TC68. Please visit our website (www.x9.org) for more information. Follow ASC X9 on Facebook, LinkedIn and Twitter.
ASC X9 TR 48-2018 Card-Not-Present (CNP) Fraud Mitigation in the United States
ANSI X9.124-2-2018 Financial Services – Symmetric Key Cryptography for the Financial Services Industry – Format
Preserving Encryption- Part 2: Key Stream with Counter Mode
ANSI X9.129-2017 (Version 01) Legal Order Exchange
ANSI X9.69-2017 Framework for Key Management Extensions