Logical data protection

The PCI compliance refers to the technical and operational standards that terminal providers follow to secure and protect credit card data provided by card holder and transmitted through  processing transaction.

What is PCI PTS ?

There are several PCI programs and certifications that can be found on the PCI Security Standard website.

Each of them aims to protect specific payment data or transaction process.

The security mechanisms described in these standards enable to prevent unauthorized access to sensitive data, protect the card holder information, ensure high level of encryption.

PCI PTS PIN security

Secure handling of sensitive data

Alcineo is focused on PCI PIN Transaction Security, Point of Interaction device approval.

Alcineo supports terminal providers which design :

  • PIN Entry Device (PED) or Unattented Payment Terminal (UPT) device : They are fully featured terminals that can be provided to any merchants without further implementation
  • Non-PIN acceptance POI devices :  evaluated for account data protection 
  • Encrypting PIN pads (EPPs) : that require integration into POS terminals or UPT
  • Secure components for POS terminals : OEM product to be integrated into POS terminal or other payment devices.
PCI PTS security

PCI PTS goal

The Security Requirements are composed of modules according the multiple architectures of payment terminals. It allows terminal providers to integrate the accurate security features to their products and provides more flexibility during the security evaluation process.

Indeed, terminal providers must submit their devices to PCI PTS evaluation before production and deployment stages.

Evaluation domains

Physical and logical

Build a physical and logical barrier in order to prevent the risk of fraud.

POS terminal integration

Check that the integration of previous certified modules does not impact the overall security.

Communications & Interfaces

Assess that the connection with public network does not open security weaknesses and populate vulnerabilities in the device itself.

Life cycle assessment

Establish a chain of trust during the design and the development stage up to the manufacturing process and key loading.

Choose a modular approach to efficiently build secure payment solution

Alcineo provides logical security modules to help manufacturers to build payment acceptance solutions that encompass PCI PTS POI requirements.

After self-integrity check, SBL prohibits unauthorized firmware or OS loading

A set of cryptographic algorithms and operations for encryption, message authentication and digital signature 

Key management offer key updates and distributions. From generation to destruction, the key manager follows the whole lifecycle of operations

A set of security processes at application level : secure loading of the application, cryptographic computation or password management

Sign up to our newsletter and receive periodical news about Alcineo’s solutions and stay updated with the latest payment industry relevant insights.

Photos and vectors credits : Vecteezy.com