Physical and logical security audits at card manufacturers
In May 2013, the PCI SSC published the PCI Card Production Security Requirements for card manufacturers and customisers. Maintenance of these requirements has thus been brought under the umbrella of the PCI SSC, which is also responsible for the further development of the documents.
However, payment systems (e.g. MasterCard) continue to decide independently on the interpretation of standards and the recognition of card manufacturers and customisers. For this purpose, the payment systems maintain their respective compliance programs.
In addition to the high structural and organisational security requirements (“Physical Security Requirements”), card manufacturers and customisers are also required to meet security requirements for data processing and storage:
In so-called Logical Security Audits, card manufacturers demonstrate (to MasterCard, for example) that they operate a security management system that reliably regulates all IT-relevant aspects.
Sales: SRC Security Research & Consulting GmbH