Historical
X9 TG-3:2006
Retail Financial Services Compliance Guideline - Online PIN Security and Key Management
This guideline applies to all organizations using the Triple Data Encryption Algorithm - TDEA (reference ?7) for the encryption of PINs used for retail financial services such as POS and ATM transactions, messages among retailers and financial institutions, and interchange messages among acquirers, switches and card issuers. The guideline should be completed by all organizations acquiring or processing transactions containing PINs, from the terminal driving system to the authorizing entity. The guideline control objectives address security controls from the PIN entry device to the interface delivering the transaction to the authorizing entity. When this guideline is completed by a device manufacturer, the control objectives are intended to evaluate the manufacturing environment and the devices ability to be implemented in a manner compliant with X9.8 and X9.24 (all parts). This guideline does not apply to the procedures or controls associated with message authentication.
Content Provider
Accredited Standards Committee, Inc. - Financial Industry Standards [ascx9]
