PCI Council and X9 Committee to combine PIN security standards
One PIN to rule them all, one PIN to find them, one PIN to rule them all and in the darkness bind them
The PCI Security Standards Council (PCI SSC) and financial services standards outfit the Accredited Standards Committee X9 have decided to combine forces on the rules for handling personal identification numbers (PINs).
Today, both have their own standards, which is a pain for organisations like banks that follow rules set by both organisations. The overlapping standards also make life hard for assessors, who may consider that an organisation's PCI compliance is not in order if it adheres to the X9 rules.
The Register imagines a few readers don't enjoy having to figure out how to get the two standards running alongside each other.
Hence the decision to consolidate the PCI PIN Security Standard and the X9 TR39 PIN Standard.
The PCI SSC will emerge as the boss of PIN standards, but the new rules will be figured out by a new "PCI PIN Assessment Working Group" comprising representatives from both standards organisations plus folk from payment companies.
There's no word on when the single consolidated standard will land, but the two organisations clearly want to get this done sooner rather than later. ®