Various audits are required by payment networks and brands to validate proper PIN security and key management practices. These audits include Visa’s PIN audit and the TR-39 (TG-3) audit utilized by NYCE, PULSE and STAR. All entities handling PINs or cryptographic keys used in PIN processing must complete a PCI PIN / TR-39 (TG-3) Assessment and provide reporting of compliance to the appropriate networks.
Examples of entities required to assess based on these criteria include payment processors, payment gateways, retail merchants conducting PIN translation, key injection facilities, certificate authorities used by PIN Entry Devices (PEDs) and Encryption Service Providers.
PSC can conduct either of these two audits individually or in concert, delivering a cost-effective and complete PIN security assessment. These assessments are conducted by a Certified TG-3 Assessor (CTGA) and in compliance with the guidelines created by the networks.
The PSC approach is to deliver a comprehensive checklist to the client and then conduct an on-site assessment including:
After testing of the control objectives is complete, PSC will produce a detailed gap analysis report should any gaps exist, or, for passing entities, completed reports ready for submission to the networks.
All assessments are conducted under PSC’s mature compliance framework, which includes industry-accepted sampling methodologies, a meticulous quality assurance process and peer review.