Press Release

PCI SSC Qualified PIN Assessor Program Open for Applications

New Program Will Train and Qualify Security Professionals to Perform Assessments in Accordance with the PCI PIN Security Requirements and Testing Procedures

WAKEFIELD, Mass., 20 February 2019 — PCI SSC is now accepting applications for the Qualified PIN Assessor (QPA) Program. The QPA Program will enable security professionals to perform assessments using the PCI PIN Security Requirements and Testing Procedures (PCI PIN Security Standard). QPAs will be specifically trained in security controls that need to be validated as being in place to protect the transmission and processing of personal identification numbers (PINs).

The new instructor-led training will cover the requirements for the secure management, processing, and transmission of personal identification number (PIN) data during online and offline payment card transaction processing at ATMs and attended and unattended point-of-sale (POS) terminals. QPAs will be validated to perform PCI PIN Security Assessments for organizations and attest to their compliance as required by the participating card brands. Qualified PIN Assessor Companies and their certified employees will be listed on the PCI SSC website.

“The Qualified PIN Assessor Program is a result from industry feedback for a more streamlined security PIN Standard assessment program,” said Troy Leach, Chief Technology Officer of the PCI Security Standards Council. “In fact, this is one of the reasons we partnered with ASC X9 on aligned PIN Requirements last year. By providing a standard certification and centralized list of approved PIN Assessor Companies, this new program will ensure high quality QPA services that are consistent in practice and oversight. This will benefit all payment stakeholders that rely on the integrity of PIN well into the future.”

Published in August 2018, Version 3.0 of the PCI PIN Security Standard is a result of collaboration between PCI SSC and the Accredited Standards Committee (ASC X9) to create one unified PIN Security Standard for payment stakeholders. The supporting assessment program will fulfill the industry’s request to simplify the security assessment process for stakeholders.

Security professionals with at least three years of advanced security experience including: cryptography, key management, network security, systems security and performing security assessments may apply to this new program. Candidates will be required to have two industry certifications and must submit applications via a Qualified PIN Assessor Company who will complete the QPA Assessor application process online. Organizations and security professionals should refer to the QPA Qualification Requirements for a full list of program requirements and to confirm eligibility for the program.

Read the blog Q&A with Gill Woodcock, Senior Director of Certification Programs for more information about this program. You can also find the program documentation located in the PCI SSC Document Library.

About the PCI Security Standards Council

The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.

###