Request for Comments: PCI PTS POI Modular Security Requirements v7.0

From 1 October to 1 November, eligible PCI SSC stakeholders are invited to review and provide feedback on the draft PCI PIN Transaction Security (PTS) Point of Interaction (POI) Modular Security Requirements v7.0 during a 30-day request for comments (RFC) period.    

The RFC will be available through the PCI SSC portal, including instructions on how to access the documents and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.    

Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.    

Background on PCI PTS POI Modular Security Requirements v7.0 

The PCI Security Standards Council is planning a major revision to the PCI PTS POI Modular Security Requirements from version 6.2 to version 7.0. The PCI PTS POI Modular Security Requirements enhances security controls to defend against physical tampering and the insertion of malware that can compromise card data during payment transactions. The updates in the RFC include more than 30 requirement changes and 14 pieces of additional guidance. Some of these changes designed to address industry needs include:

• Adding a requirement for the physical/logical security of biometric interfaces.  
• Adding a requirement to allow the use of third-party applications (e.g., Play store).
• Defining that cryptographic keys used for device security must provide a minimum of 128 bits of effective strength.