PCI SSC Launches New PIN Listing Program

A Strategic Shift in PIN Security

In a major move to strengthen global payment card security, the Payment Card Industry Security Standards Council (PCI SSC) has officially launched the PCI PIN Listing Program. This initiative is designed to streamline and formalise the process of evaluating and listing solutions that protect PIN data in payment environments.

As a Qualified PIN Assessor (QPA) and PCI SSC Approved QSA, Risk Associates welcomes this program as a pivotal development for financial institutions, hardware vendors, and payment processors seeking a more structured, transparent approach to PIN security validation.

Why the PIN Listing Program Matters

The PIN Listing Program complements the existing PCI PIN Security Requirements, offering an independent validation mechanism for solutions that process or protect PINs. Previously, stakeholders had no single repository to verify if a vendor solution was assessed against the required controls. Now, the PCI SSC will maintain a centralised listing for validated solutions, adding clarity and confidence for adopters.

The new PIN Listing Program provides a publicly accessible directory of compliant PIN Service Providers. These providers have undergone rigorous assessments against the PCI PIN Security Standard, which governs how Personal Identification Number (PIN) data is processed, transmitted, and stored — whether at ATMs, POS terminals, or during online payment authorisation.

What’s New in the Program?

The PIN Listing Program provides a more efficient and transparent framework for Qualified PIN Assessors (QPAs) and service providers alike:

  • Centralised Submission via PCI SSC Portal
    Streamlines application procedures with a uniform process for submitting and evaluating Attestations of Compliance (AOCs).

  • Public Directory for Verified Providers
    A comprehensive and fee-based listing will be published on the PCI SSC’s website, enabling visibility for validated service providers.

  • Enhanced Information Transparency
    Each listing includes the QPA company name, PIN Standard version, and validation details—ensuring accountability and informed decision-making.

  • Promotional Listing Fees Until 2025
    The PCI SSC is offering reduced fees for listing submissions received before 31 December 2025.

Getting listed is not mandatory, but it's becoming an industry expectation.

A PIN Service Provider’s listing is valid for two years from the date the Qualified PIN Assessor (QPA) signs the Attestation of Compliance (AOC).

Strategic Implications

For Banks and Payment Ecosystems

The launch of the PCI SSC New PIN Listing Program marks an industry-wide commitment to elevating PIN security standards and fostering trust across the payment value chain.

As cyber threats continue to evolve, assurance of PIN security is not just a technical requirement—it’s a strategic imperative. PCI SSC’s latest program helps build ecosystem trust by identifying providers who meet the stringent requirements of the updated PIN standard.

Risk Associates’ role as a PCI SSC Approved QPA company positions us to assess and validate PIN Service Providers as part of their compliance strategy. Our team of certified assessors can help providers align with the latest updates in the Qualified PIN Assessor (QPA) Program Guide.

Whether you’re a device manufacturer, payment processor, or acquiring bank, adopting the PIN Listing Program is a critical step in future-proofing your payment security strategy.

This new listing program reinforces PCI SSC’s ongoing mission to simplify and standardise how compliance is communicated and verified in the payment ecosystem. It’s a win for merchants, a win for consumers, and a crucial step forward for service providers aiming to stand out through verified compliance.

As a PCI SSC Qualified PIN Assessor (QPA), Risk Associates conducts independent assessments of PIN security implementations across Australia, Bahrain, Saudi Arabia and EMEA, enabling service providers to meet new PIN listing requirements.

FAQs

The PCI SSC New PIN Listing Program is an official directory managed by the Payment Card Industry Security Standards Council (PCI SSC) that lists service providers who have successfully validated their compliance with the PCI PIN Security Standard. It introduces a centralised, Council-recognised mechanism to identify vendors with independently assessed and compliant PIN environments, supporting acquirers and merchants in selecting trusted providers.

Entities eligible for listing include PIN Service Providers that perform PIN encryption, decryption, or key management in payment ecosystems. These may be payment processors, hardware vendors, or secure key injection facilities. To qualify for the listing, providers must undergo a successful assessment conducted by a Qualified PIN Assessor (QPA) like Risk Associates and submit a validated Attestation of Compliance (AOC) through the PCI SSC Portal.

A Qualified PIN Assessor (QPA) is an independently authorised assessor certified by PCI SSC to evaluate entities against the PCI PIN Security Requirements. Under the PIN Listing Program, the QPA conducts a full-scope assessment and signs the AOC required for listing. QPAs play a critical role in ensuring the technical integrity, cryptographic controls, and operational procedures align with the latest version of the PCI PIN Standard.

Copyright © 2025. All Rights Reserved by Risk Associates.
