PCI PIN Security
PCI PIN Security is a robust security standard developed by the PCI Security Standards Council (PCI SSC). It sets out technical and procedural requirements for solution providers and service providers who process PIN transactions or manage cryptographic keys.
Organisations offering services such as Key Injection Facility (KIF) or remote cryptographic key management also fall within the scope of this standard.

How can we help you?
As an accredited PCI Qualified PIN Assessor (QPA), we are dedicated to guiding you through the PCI PIN Security certification process. Whether you require an independent PCI PIN audit or expert consulting, we’re here to ensure your compliance journey is seamless and efficient.
Our services include in-depth analysis of your organisation’s infrastructure, processes, and key management practices. We prepare the necessary documentation, assess physical and procedural security, and verify compliance in alignment with PCI PIN Security requirements. Transparency is our priority, and we work closely with you to protect sensitive payment data and maintain the integrity of your systems.
How will we work with you?
Stage 1
Setting the Scope of Certification
Every PCI PIN certification begins with defining the scope of the activity. This includes identifying the services provided, equipment, and locations to be assessed.
Stage 2
Gap Analysis (optional)
For new clients or those unsure of their readiness for certification, we offer an optional gap analysis. This process simulates a certification audit, highlights non-conformities, and identifies areas for improvement. We also propose practical solutions to address challenges effectively.
Stage 3
Consulting
As your trusted partner, we’ll guide you step-by-step through the certification process. From answering your questions to recommending solutions, we ensure you’re equipped to achieve compliance with confidence.
Stage 4
Certification audit
Our PCI PIN audit can be conducted remotely, on-site, or in a hybrid format. Within two weeks of the audit’s completion, we’ll provide a tracker document listing the evidence and documentation required to finalise the certification.
Stage 5
Corrections and Evidence Collection
You’ll have up to 90 days to submit the required evidence or address observations. The quicker you provide these materials, the faster we can finalise the audit process.
Stage 6
Reporting
Based on the submitted evidence, we’ll prepare detailed compliance reports, often exceeding 200 pages, covering all relevant domains. These reports undergo a stringent QA process before being shared with you. At the end of this stage, you’ll receive an Attestation of Compliance (AOC), electronically signed.
Stage 7
Completion
Once the AOC is signed, the process concludes. Shortly after, you’ll receive a marketing certificate that confirms your compliance with PCI PIN Security standards.
Certification audit
The PCI PIN Security certification audit combines on-site and remote activities designed to confirm your organisation’s compliance. It comprises five key stages:
Interviews: We’ll meet with your personnel or suppliers to discuss their roles, responsibilities, and methods for managing the card environment.
Configuration Review: Your team will demonstrate the configuration of systems, devices, tools, and other elements like access control and alarm systems. We’ll also collect audit evidence during this phase.
Review of Management Processes: We’ll evaluate processes for managing your card environment, including change reports, log reviews, and patching session documentation.
Documentation Review: Conducted remotely, this step involves assessing your organisation’s network diagrams, policies, and procedures. Documents must be up-to-date, with their last review dated within the past 12 months.
Process Observations: Certain processes, such as key generation, key distribution, and secure room activities, will be observed in real-time to ensure compliance.
After the audit, you’ll receive a comprehensive tracker document outlining our observations and listing the required evidence. Once all items are addressed, we’ll finalise your report and certification.
Don't buy a pig in a poke: request a free consultation and check how we can assist you.
