TR-39 (<abbr title="Personal Identification Number">PIN</abbr> Security and Key Management)

TR-39 (PIN Security and
Key Management)

To validate proper Personal Identification Number
(PIN) security and key management practices, Visa's PIN audit and the TR-39 (formerly TG-3) audit utilized by NYCE, PULSE and STAR are required by payment networks and card brands.

All entities handling PINs or cryptographic keys used in PIN processing must complete a PIN Security and Key Management audit and provide reporting of compliance to the appropriate networks. The TR-39 audit focuses on compliance with standards established by the American National Standards Institute (ANSI) surrounding transactions and information processed through ATMs and POS terminals.

CounterStrike's cost effective approach is to deliver a comprehensive checklist to the client then conduct an on-site assessment including:

Review of policies and procedures
Review of results of procedures, including:

Use of dual control and split knowledge
Maintenance of proper logs
Proper handling and storage of encryption keys

Observation of procedures being correctly performed
Inspection of hardware and software used for PIN processing
Inspection of physical facilities used for PIN processing or key injection

After completion of testing of the control objectives, CounterStrike's Certified TG-3 Assessor (CTGA) will produce a detailed gap analysis report should any gaps exist and/or complete reports ready for submission to the networks for passing entities.

Contact CounterStrike in advance of your your semi-annual, even numbered year TR-39 audits are required.

TR-39 (PIN Security andKey Management)

TR-39 (PIN Security and
Key Management)