Theses updates improve the secure manufacture, production and delivery of payment cards
Great news, the PCI SSC has been updated the PCI Card Production Security Requirements,Version 1.1. The updated standard helps payment card vendorssecure the components and sensitive data involved in the production of payment cards,protecting against fraud via the compromise of card materials. The standard consists of both physical and logical security requirements that address card production activities including card manufacturing, chip embedding, data preparation, pre-personalization, card personalization, chip personalization, fulfillment, packaging, storage, mailing, shipping, PIN printing and mailing (personalized, credit or debit), PIN printing (non-personalized prepaid cards), and electronic PIN distribution.
The Version 1.1 provides additional guidance and also modifies or adds requirements in the following areas:
- Access control
- Card storage
- Emergency exits and fire doors
- PIN and card delivery
Vault construction Version 1.1 is available on the PCI SSC website at:
- Published documents include:
- PCI Card Production Security Requirements Summary of Changes from PCI Card Production Version 1.0 to 1.1
- PCI Card Production Logical Security Requirements Version 1.1
PCI Card Production Physical Security Requirements Version 1.1 While the card production security standard is maintained by the PCICounci, assessments are directly managed by the payment brands.
Card vendors are encouraged to work with the individual payment brands to confirm timing for performance of future security reviews against the PCI Card Production Security Requirements Version 1.1.
In resume“ We continue updating our standards to match the needs of today’s threat and business environments and to further increase security across the payment chain,” said PCI SSC Chief Technology Officer Troy Leach. “ These updated card production requirements will help card vendorssecure the card production process from design all the way through delivery.” Source: PCI DSS Website