Does the new QPA program and PCI PIN 3.0 affect you?
ControlScan will help demystify the newly launched PCI PIN 3.0 standard and Qualified PIN Assessor program.
As PIN security requirements have evolved from TG-3 to TR-39 to Visa PIN to PCI PIN 2.0 to PCI PIN 3.0, and as assessors have transitioned from CTGA to Visa SA to Qualified PIN Assessor (QPA), it’s sometimes hard to keep track of what’s going on with PIN security.
Never fear! ControlScan’s team has been around the block—CTGA, Visa SA—and we are proud to announce that ControlScan is an inaugural member of the PCI Qualified PIN Assessor (QPA) program, which was launched in the summer of 2019. QPA companies are held to a higher standard for training and delivery consistency, as well as for report quality assurance that ensures that the PIN is protected from the merchant to the networks.
Similarly, the PCI PIN 3.0 standard includes sunset dates for clear-text key injection for KIFs and processors, a sunset for fixed-key TDES, and deadlines for key block and ISO-4 PIN block support. Furthermore, as QPAs must perform audits to PCI PIN 3.0, additional quality assurance must now be performed on the written portion of the PIN ROC.
While these changes may not be severe for all entities, we recommend giving our friendly team a call at 1-800-825-3301, ext. 2, to discuss impacts and schedule your next PIN assessment.
As experienced and Qualified PIN Assessors, we will work with your team to address any gaps in your physical or logical security or provide advisory support for migration from deprecated cryptography or architecture.
Your ControlScan Qualified PIN Assessor (QPA) will conduct an onsite review of all in-scope systems and security processes, draft a full report, perform quality assurance, and deliver the PIN ROC and AOC—generally in less than 3 months.