Security & Approvals
Our solutions meet international and national requirements. They also meet yours.
Whether you have business in Los Angeles or in London, your needs are covered with Cryptera. Our payment solutions live up to international and national standards and can be customized for just about any individual application or specification.
This allows you to benefit from the efficiency of a one-stop shop and simplified integration and technology migration. It also allows end-users to rest assured that their payment cards can be used no matter where in the world they might roam.
Meets PCI and EMV requirements for approval
All of our products hold a wide range of security approvals and are continuously being updated to international standards such as PCI and EMVCo, as well as selected country-specific requirements and specifications.
The payment schemes of banking and credit cards set requirements for the security of payment devices. These requirements may concern on-line PIN verification and/or the off-line PIN verification introduced along with EMV. International requirements for the security are given in the PIN Entry Device (PED) requirements provided by the Payment Card Industry (PCI).
Some countries have national requirements to be fulfilled in addition to the international PCI requirements. Cryptera´s extensive experience as a provider of secure PIN entry solutions and the high level of the security concepts deployed in the devices are important factors in obtaining international and national approvals.
PCI = Payment Card Industry = A common organization of payment “brand” like Visa, Mastercard, JCB, etc. Purpose of PCI is to establish a common security level and to protect the “brands” from losses caused by fraud.
PCI PTS = PCI PIN transaction Security, PCI’s set of rules for devices that does transactions that include PIN codes.
There are several versions of the PCI PTS rules:
- PCI 1.0 Introduced in 2004, expired in 2014
- PCI 2.0 Introduced in 2007, expired in 2017
- PCI 3.0 Introduced in 2010, expired in 2021
- PCI 4.0 Introduced in 2013, expires in 2023
- PCI 5.0 Introduced in 2016, expires in 2026
- PCI 6.0 Introduced in 2020, expires in 2030
Security requirements and PCI approved devices
In general all devices that are used to handle transactions going to one of the brands, and use PIN codes must be PCI PTS approved. Devices must have a valid approval when installed.
If the devices are NOT PCI PTS approved, problems might occur:
- The Acquirers receiving the transactions might reject the terminals
- The business using the non approved terminals might have high liabilities in case of fraud
PCI also maintains a set of Data Security Standards, called PCI DSS, these apply for all transactions that involve Card and account data. For terminals processing card data the PCI SRED requirement apply.
Read about the security requirements and approved devices below.
EMV Level 1 & EMV Level 2
- EMV is the international standard for chip-based payment – covering both contact and contactless technology, and both cards and terminals. The organization EMVCo was founded by Europay, Mastercard and Visa in the mid-90’s, and is today owned by the international card schemes American Express, JCB, MasterCard, UnionPay, and Visa, as well as US-based Discover.
- Cryptera provides EMV functionality in a number of products, for both contact and contactless based payment terminals.
Cryptera solutions meet national approval. Many countries and banks have their own approval requirements. Cryptera has met those specific requirements. Here are links to some:
- Canada – Interac – interac.ca
- China – China UnionPay – cert.unionpay.com
- Denmark – dankort.dk & www.nets.eu
- France – Cartes Bancaire – cartes-bancaires.com
- Germany – Geldkarte – zka.de
- Luxembourg – Cetrel – cetrel.lu
Cryptera´s solutions can be tailored to meet your specific requirements.