What is the difference between PED security requirements and PIN security requirements?
Both the PIN (Personal Identification Number) and PED Security Requirements have the common overall objective of protecting the cardholder's PIN during a financial transaction. PED Security Requirements (managed by the PCI-SSC) are primarily concerned with device characteristics impacting the security of the PIN Entry Device used by the cardholder during a financial transaction. The requirements also include device management up to the point of initial key loading, but the evaluation process only addresses device characteristics.
The PIN Security Requirements (managed by MasterCard and Visa) consist of 32 security requirements divided into seven logically related groups, which are referred to as Control Objectives. The PIN requirements are about process
management-primarily dealing with the secure management of cryptographic keys throughout their lifecycle (key creation, conveyance, loading, usage, and administration). This results in a complete set of requirements for the secure management, processing, and transmission of Personal Identification Number (PIN) data during online and offline payment card transaction processing at attended and unattended point-of-sale (POS) terminals and for PIN processing at ATM's.
If you have questions or require additional information, please open a ticket and we will be in touch with you shortly.