Point of Interaction (PoI) and HSM (Hardware Secure Modules) must fulfil strict security and interoperability requirements in order to operate in the field and prevent fraud in payment transactions.
The PCI Security Standards Council’s (PCI SSC) mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders.
Applus+ Laboratories has joined the Global Group of PCI Recognized Labs to assess devices for compliance with the PCI PTS Standards (HSM and POI).
This accreditation complements the portfolio of services that Applus+ can provide to PoS vendors, which includes interoperability testing under the main payment schemes, such as EMVCo, Visa, AMEX or Discover, and further security evaluation programs specific for some European countries, such as CommonSecc.
For HSM, Applus+ Laboratories will now be able to conduct security evaluations to obtain key certifications for different end-markets like payment (PCI), digital signature (Common Criteria for eIDAS), or Spanish security products catalogue (LINCE), among others.
“The accreditation process to obtain the PCI PTS accreditation has been very challenging, particularly due to the pandemic restrictions,” indicated Josepmaria Roca, Cybersecurity and Interoperability Labs Director, at Applus+ Laboratories. “We also want to acknowledge Madic trust in our labs, providing the necessary samples to conduct the pilot evaluation”.
“I am pleased to welcome Applus+ Laboratories to the Global Group of PCI Recognized Labs,” said PCI Security Standards Council (PCI SSC) Executive Director Lance Johnson. “Payments industry participation is critical to ensure PCI Standards support and align with the constant changes in payments and technology. Applus+ Laboratories is joining a group of experts that we rely on to help us secure solutions through robust security evaluations and to help us improve our knowledge.”
PCI validated PTS devices are listed on the PCI SSC website.