The Payment Card Industry Security Standards Council (PCI SSC) recently published updated PCI Card Production Security Requirements. Version 1.1 of the standards include new logical and physical security standards to protect against fraud and improve security in the event of any comprise. The new requirements may be of particular interest to banks and card manufacturers, as many of the new standards relate to card production activities including card manufacturing, chip embedding, data preparation, pre-personalization, card personalization, chip personalization, fulfillment, packaging, storage, mailing, shipping, PIN printing and mailing, and electronic PIN distribution.
Version 1.1, which is available at the PCI SSC website, provides additional guidance and also modifies or adds requirements in the following areas:
-
Access control
-
Alarms
-
Card storage
-
Embossing
-
Emergency exits and fire doors
-
PIN and card delivery
-
Vault construction
Although PCI remains an important standards setting agency, it has encouraged card vendors to work with the individual payment brands to confirm timing for performance of future security reviews and amendments. “We continue updating our standards to match the needs of today’s threat and business environments and to further increase security across the payment chain,” said PCI SSC Chief Technology Officer Troy Leach. “These updated card production requirements will help card vendors secure the card production process from design all the way through delivery.”