ATM friends - rules about ATM PCI compliance have you worried your "ATM will stop working on January 1st 2025"?
This was supposed to be my attempt at a guide to the source of the TR-31, TR-34 compliance stuff you may be hearing. It's difficult to find the actual standard, but this is how far I’ve gotten.
The ASC X9 corporation makes an ANSI standard that the PCI SSC adopts into PTS POI standards for ATM EPPs. Visa and Mastercard enforce compliance to the standards. Huh?
The acronym game is strong. The standards referenced are already deprecated and replaced with new ones. It's nice to know that the 2018 standard is required to be in place by 2025, but what about the 2021 standards? TR-31 standard was replaced 3 years ago.
We're still digging to figure out what actual PCI standard requires TR-31/34 by 2025. Its referenced in many different documents, but very hard to find the source.
This has been a fun rabbit hole to go down, lots of industry standard learning to do. Here's a bunch of sources we compiled. Send a note if you know where the actual standard is.
Mastercard Pin Security Terminal-and-PIN-Entry-Security-Standards-FAQs-1-September-2020.pdf (mastercard.com)
VISA Pin Security Info about PIN security | Visa
PCI SSC Payment Card Industry - Security Standards Council PCI Security Standards Council - Document Library
PCI - Payment Card Industry
SSC - Security Standards Council
PTS - PIN Transaction Security
POI - Point-of-Interaction PCI_PTS_POI_SRs_v6.2.pdf (pcisecuritystandards.org)
EPP - Encrypting PIN Pad
HSM - Hardware Security Module
ISO - International Organization for Standardization
ANSI - American National Standards Institute
ASC X9- Accredited Standards Committee X9, Incorporated Financial Industry Standards Accredited Standards Committee X9
TR-31 is ASC X9 TR 31-2018 A key block format used for secure exchange of symmetric keys ASC X9 TR 31-2018 - Interoperable Secure Key Exchange Key Block Specification. (ansi.org)
X9.143 replaced TR-31 in 2021 as a more current key block format for secure exchange of keys. ANSI X9.143-2021 - Retail Financial Services - Interoperable Secure Key Block Specification
TR-34 is ANSI ASC X9 TR 34–2019 an implementation of ASC X9.24-2 . A way of exchanging symmetric keys using asymmetric cryptography, basically a certificate-based Remote Key Loading (RKL) protocol. ASC+X9+TR+34-2019.pdf (ansi.org)