Security Solutions to Prevent FraudThe MasterCard Point of Sale Terminal Security (PTS) program was announced in September 2005 together with a global encryption requirement for data exchanged by wireless POS terminals and Internet/Stand-alone IP-enabled POS terminals. As of January 2007, all acquirers have to replace noncompliant wireless POS terminals and Internet/Stand-alone IP-enabled POS devices with terminals that meet the data encryption requirement and all PTS security standards. Objectives and ScopeThe objective of the security evaluation program for Internet Protocol-enabled POS devices is to ensure the necessary level of protection for transaction and cardholder data at Merchants that use equipment that support the TCP/IP protocol suite. The security evaluation verifies that POS devices meet the relevant MasterCard requirements in terms of confidentiality, integrity and communicating parties’ authentication. By addressing the interface of POS terminals to open networks using open protocols, this new security program complements existing security programs at MasterCard that already address merchants or POS, such as PCI POS PED (security of PIN provided by PIN Entry Devices) and SDP (based on the PCI Data Security Standard). ResourcesThe approved POS terminals can be found in the document POS Terminal Security Program - Approval List. A description of the PTS program can be found in the document POS Terminal Security Program - Program Manual. Any queries related to the PTS program or the encryption requirements can be sent to pts@mastercard.com. |
|