PCI SECURITY STANDARDS COUNCIL ANNOUNCES AVAILABILITY OF PIN ENTRY DEVICE (PED) APPROVAL LISTINGS

—Council meets objectives of single source for information on PED security requirements and equipment—

WAKEFIELD, Mass., Feb. 11, 2008 — The PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (DSS), PCI PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), today announced that PCI PED equipment approval listings and security requirements documents are available on the Council’s website at https://www.pcisecuritystandards.org/pin/. With today’s announcement, the PCI SSC has finalized this important phase of its mission to assume responsibility as a single source of information and requirements for PED. PED was previously jointly administered by JCB, MasterCard Worldwide and Visa, Inc.

The PED Security Requirements are designed to ensure the security of personal identification number (PIN)-based transactions globally and apply to devices that accept PIN entry for all PIN-based transactions. The Council has not only taken over responsibility of the PED Security Requirements, but also now maintains the listing of all approved devices and supporting documents for device makers seeking to ensure their equipment meets this key standard. It also provides merchants and service providers with a single source of information on PED equipment that can be used immediately.

“The Council has now completed this important step in improving security for cardholder data by making available the PED Security Requirements, list of approved devices and all supporting documents. This will ease the burden on merchants, vendors and service providers,” said Bob Russo, General Manager, PCI Security Standards Council. “We are simplifying processes and have removed conflicting requirements to ensure a level playing field for the device marketplace.”

As previously announced in September 2007, with the PED Security Requirements administered by the Council, all founding payment brands recognize PED certification and streamlined device testing processes. This is intended to reduce costs for vendors and merchants and lead to the proliferation of a wider set of PED products. PED manufacturers submitting devices for security testing are now able to rely on a single set of requirements, ensuring cardholder security and providing opportunities for faster deployment.

For More Information:
If you would like more information about the PCI Security Standards Council or would like to become a Participating Organization please visit pcisecuritystandards.org, or contact the PCI Security Standards Council at info@pcisecuritystandards.org.

About the PCI Security Standards Council
The mission of the PCI Security Standards Council is to enhance payment account security by driving education and awareness of the PCI Data Security Standard and other standards that increase payment data security.

The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Entry Device (PED) Security Requirements and the Payment Applications Data Security Standard (PA-DSS). Merchants, banks, processors and point of sale vendors are encouraged to join as Participating Organizations.