Few writings on PCI PIN compliance explain whether a company needs to adhere to the PCI PIN security requirements. In principle, any organization across the cardholder PIN processing lifecycle must comply with PCI PIN standards. What follows will help you understand whether you must.
Scope of PCI PIN Compliance
Generally, companies that must comply with the PCI PIN security requirements are the ones that manage or utilize devices that process and accept cardholder PINs. These companies can be related to institutions that have installed ATMs, Point of Sale (POS) terminals or payment kiosks. In addition, organizations that provide key management services, especially in the form of encryption support or injection facilities, must pay close attention to their PCI PIN compliance status. Equally important are the companies using asymmetric cryptography via remote distribution and certificate authorities.
But this is not really the answer you were looking for. Do you need to adhere to PCI PIN security requirements? The answer to this question must be neat, accurate, and instructive: knowledge that will help you understand whether you should be mindful of the seven control objectives that specify 33 security and procedural requirements for you to be compliant with the PCI PIN requirements.