Logical data protection
The PCI compliance refers to the technical and operational standards that terminal providers follow to secure and protect credit card data provided by card holder and transmitted through processing transaction.
What is PCI PTS ?
There are several PCI programs and certifications that can be found on the PCI Security Standard website.
Each of them aims to protect specific payment data or transaction process.
The security mechanisms described in these standards enable to prevent unauthorized access to sensitive data, protect the card holder information, ensure high level of encryption.
Secure handling of sensitive data
Alcineo is focused on PCI PIN Transaction Security, Point of Interaction device approval.
Alcineo supports terminal providers which design :
- PIN Entry Device (PED) or Unattented Payment Terminal (UPT) device : They are fully featured terminals that can be provided to any merchants without further implementation
- Non-PIN acceptance POI devices : evaluated for account data protection
- Encrypting PIN pads (EPPs) : that require integration into POS terminals or UPT
- Secure components for POS terminals : OEM product to be integrated into POS terminal or other payment devices.
PCI PTS goal
The Security Requirements are composed of modules according the multiple architectures of payment terminals. It allows terminal providers to integrate the accurate security features to their products and provides more flexibility during the security evaluation process.
Indeed, terminal providers must submit their devices to PCI PTS evaluation before production and deployment stages.
Choose a modular approach to efficiently build secure payment solution
Alcineo provides logical security modules to help manufacturers to build payment acceptance solutions that encompass PCI PTS POI requirements.
After self-integrity check, SBL prohibits unauthorized firmware or OS loading
A set of cryptographic algorithms and operations for encryption, message authentication and digital signature
Key management offer key updates and distributions. From generation to destruction, the key manager follows the whole lifecycle of operations
A set of security processes at application level : secure loading of the application, cryptographic computation or password management