PCI PIN Security Audits

PCI PIN Security Audits

PCI PIN Security Requirements form a part of the PCI PTS group of standards and apply to all acquirers and their agents processing personal identification numbers (PINs) for payment card transactions. The standard also applies to entities operating key-injection facilities for the injection of keys used for the acquisition of PIN data.

Sovereign is a certified security assessor for PCI PIN Security Requirements. We offer audit and consultancy services to the PIN Programme participants in all aspects of secure management, processing, and transmission of PIN data during online and offline payment transactions processing at ATMs and attended and unattended POS terminals.


  • PCI PIN Security assessments (covering the standard technical set, Normative Annex A and Normative Annex B) version 2.0, per Visa requirements of its direct connect processing members and their Third Party Agents (TPAs).
  • TR-39 audit of ATM operations in banks and credit unions, per requirements by Star, NYCE and Pulse EFT networks of all their members.
  • TR-39 audit of PIN debit POS transactions for Merchants per requirements by Star, NYCE and Pulse EFT networks.
  • Subsections of TR-39 audit that apply to ISO, ESO and KLD facilities, as required by the members of EFT networks.