The PCI Security Standards Council (PCI SSC) produced two new information supplements in January 2013, covering ATM security and e-commerce. Both are available in the documentation library on the PCI Security Standards Council website.
The “Information Supplement: PCI PTS ATM Security Guidelines” aims to help mitigate the effect of attacks on ATMs in which PIN and account data are stolen. Attacks on ATMs occur frequently, and convictions of those committing the attacks are common. This guideline is aligned with the PCI PIN Transaction Standard (PTS) Point of Interaction (POI) set of security requirements. It gives security guidance to acquirers and ATM operators that purchase, deploy, and/or operate ATMs, and it gives security and best practice guidance to ATM industry stakeholders.
The second guide, “Information Supplement: PCI DSS E-commerce Guidelines”, is of importance to merchants and service providers. The intent of this Information Supplement is to provide guidance on the use of e-commerce technologies in accordance with the requirements of the Payment Card Industry Data Security Standard (PCI DSS). For the purposes of the guideline, the term e-commerce refers to environments where merchants accept payment cards over the Internet. The guideline provides supplemental advice on the use of e-commerce technologies in cardholder data environments and does not replace or supersede PCI DSS requirements. This document may also be of value to assessors reviewing e-commerce environments as part of a PCI DSS assessment.