PCI SSC is accepting applications for the Qualified PIN Assessor (QPA) Program. The QPA Program will enable security professionals to perform assessments using the PCI PIN Security Requirements and Testing Procedures (PCI PIN Security Standard). QPAs will be specifically trained in security controls that need to be validated as being in place to protect the transmission and processing of personal identification numbers (PINs).
The new instructor-led training will cover the requirements for the secure management, processing, and transmission of personal identification number (PIN) data during online and offline payment card transaction processing at ATMs and attended and unattended point-of-sale (POS) terminals. QPAs will be validated to perform PCI PIN Security Assessments for organizations and attest to their compliance as required by the participating card brands. Qualified PIN Assessor Companies and their certified employees will be listed on the PCI SSC website.
“The Qualified PIN Assessor Program is a result from industry feedback for a more streamlined security PIN Standard assessment program,” said Troy Leach, Chief Technology Officer of the PCI Security Standards Council. “In fact, this is one of the reasons we partnered with ASC X9 on aligned PIN Requirements last year. By providing a standard certification and centralized list of approved PIN Assessor Companies, this new program will ensure high quality QPA services that are consistent in practice and oversight. This will benefit all payment stakeholders that rely on the integrity of PIN well into the future.”
Published in August 2018, Version 3.0 of the PCI PIN Security Standard is a result of collaboration between PCI SSC and the Accredited Standards Committee (ASC X9) to create one unified PIN Security Standard for payment stakeholders. The supporting assessment program will fulfill the industry’s request to simplify the security assessment process for stakeholders.
Security professionals with at least three years of advanced security experience including: cryptography, key management, network security, systems security and performing security assessments may apply to this new program.
Candidates will be required to have two industry certifications and must submit applications via a Qualified PIN Assessor Company who will complete the QPA Assessor application process online. Organizations and security professionals should refer to the QPA Qualification Requirements for a full list of program requirements and to confirm eligibility for the program.