Physical and logical security audits at card manufacturers
In May 2013, the PCI SSC published the PCI Card Production Security Requirements for card manufacturers and personalizers. This brought the maintenance of the requirements for card manufacturers and personalizers under the umbrella of the PCI SSC, which is now also responsible for the further development of the documents.
However, the payment systems (e.g. MasterCard) still decide independently on the interpretation of the standards and the recognition of card manufacturers and personalizers. For this purpose, the payment systems maintain their respective compliance programs.
In addition to the high structural and organizational security requirements (“Physical Security Requirements”), card manufacturers and personalizers are also subject to security requirements for data processing and storage:
Through logical security audits, card manufacturers demonstrate, for example to MasterCard, that they operate a security management system that reliably regulates all IT-relevant aspects.