Document Comparison
PCI_PIN_AOC_v3.2.pdf → PCI_PIN_AOC_v3.3_Feb%202026.pdf
91% similar
Pages: 12 → 12
Words: 2314 → 2337
Content changes: 17
Content Changes
17 content changes. 13 administrative changes (dates, page numbers) hidden.
Added
p. 4
Section 1: Assessment Information Instructions for Submission This Attestation of Compliance must be completed by the assessor as a declaration of the results of the assessment of the subject entity’s (“PIN Service Provider”) compliance with the Payment Card Industry PIN Security Requirements and Test Procedures (PCI PIN). All sections must be completed. The PIN Service Provider is responsible for ensuring that each section is completed by the relevant parties, as applicable. Contact the entity requesting the assessment (e.g., Payment Brand) for reporting and submission procedures.
Reason that the sub-requirement was not tested or was not applicable.
Section 2: Report on Compliance This Attestation of Compliance reflects the results of an onsite assessment, which is documented in the ROC.
Section 3: Validation and Attestation Details Part 3. PCI PIN Validation This AOC is based on results noted in the PCI PIN Report on Compliance dated (completion date) (the “ROC”).
☐ If my environment changes, …
Modified
p. 4
Part 1b. Qualified PIN Assessor Company Information (if applicable) Company Name:
Part 1b. Qualified PIN Assessor Company Information Company Name:
Modified
p. 4
State/Province: Country: State/Province:
State/Province: Country: Postal Code:
Modified
p. 5
Part 2b. Locations List the types of facilities reviewed as part of the PCI PIN Assessment (for example, data centers, key-injection facilities, certification authority operations, etc.) and applicable details of the locations included in the PCI PIN review (e.g. city, country).
Part 2b. Locations List the types of facilities reviewed as part of the PCI PIN Assessment (for example, data centers, key-injection facilities, certification authority operations, etc.) and applicable details of the locations included in the PCI PIN review (e.g., City, Country).
Modified
p. 6
Full
• The requirement and all sub-requirements of that requirement were assessed, and nosub- requirements were marked as “Not Tested” or “Not Applicable” in the ROC (defined in Section 3 below).
• The requirement and all sub-requirements of that requirement were assessed, and no
Full
• The requirement and all sub-requirements of that requirement were assessed, and no sub-requirements were marked as “Not Tested” or “Not Applicable” in the ROC (defined in Section 3 below).
• The requirement and all sub-requirements of that requirement were assessed, and no sub-requirements were marked as “Not Tested” or “Not Applicable” in the ROC (defined in Section 3 below).
Modified
p. 6
Details of specific sub-requirements that were marked as either “Not Tested” and/or “Not Applicable” in the ROC Reason that the sub-requirement was not tested or was not applicable
Details of specific sub-requirements that were marked as either “Not Tested” and/or “Not Applicable” in the ROC.
Removed
p. 9
☐ I have read the PCI PIN Standard and I recognize that I must maintain PCI PIN compliance, as applicable to my environment, at all times.
☐ If my environment changes, I recognize I must reassess my environment and implement any additional PCI PIN requirements that apply.
Part 3b. Assessed Entity PIN Security Attestation Signature of Executive Officer of Service Provider Service Provider Executive Officer Name:
Modified
p. 9
Based on the results documented in the ROC, the signatories identified in Parts 3b-3c, as applicable, assert(s) the following compliance status for the Service Provider (check one):
Based on the results documented in the ROC, the signatories identified in Parts 3a-3b, as applicable, assert(s) the following compliance status for the Service Provider (check one):
Modified
p. 9
☐ Compliant: All sections of the ROC are complete, all questions answered affirmatively, resulting in an overall COMPLIANT rating; thereby (Service Provider Company Name) has demonstrated full compliance with the PCI PIN Security Requirements.
☐ Compliant: All sections of the ROC are complete, all questions answered affirmatively, resulting in an overall COMPLIANT rating; thereby, (Service Provider Company Name) has demonstrated full compliance with the PCI PIN Security Requirements.
Modified
p. 9
☐ Non-Compliant: Not all sections of the ROC are complete, or not all questions are answered affirmatively, resulting in an overall NON-COMPLIANT rating, thereby (Service Provider Company Name) has not demonstrated full compliance with the PCI PIN Security Requirements.
☐ Non-Compliant: Not all sections of the ROC are complete, or not all questions are answered affirmatively, resulting in an overall NON-COMPLIANT rating; thereby, (Service Provider Company Name) has not demonstrated full compliance with the PCI PIN Security Requirements.
Modified
p. 9
Target Date for Compliance: DD/MMM/YYYY An entity submitting this form with a status of Non-Compliant may be required to complete the Action Plan in Part 4 of this document. Check with the payment brand(s) before completing Part 4.
Target Date for Compliance: YYYY-MM-DD An entity submitting this form with a status of Non-Compliant may be required to complete the Action Plan in Part 4 of this document. Check with the payment brand(s) before completing Part 4.
Modified
p. 9
☐ Compliant but with Legal exception: One or more requirements are marked “Not in Place” due to a legal restriction that prevents the requirement from being met. This option requires additional review from acquirer or payment brand.
☐ Compliant but with legal exception: One or more requirements are marked “Not in Place” due to a legal restriction that prevents the requirement from being met. This option requires additional review from acquirer or payment brand.
Modified
p. 9
Affected Requirement Details of how legal constraint prevents requirement being met Part 3a. Acknowledgement of Status Signatory(s) confirms:
Affected Requirement Details of how legal constraint prevents requirement from being met Part 3a. Service Provider Attestation ☐ As the authorized representative of this vendor, I hereby acknowledge that I have read the PCI PIN Security Requirements and I accept responsibility to maintain PCI PIN Security Requirements compliance, as applicable to my environment.
Removed
p. 10
Signature of Duly Authorized Officer of QPA Company Date: DD/MMM/YYYY Duly Authorized Officer Name: QPA Company:
Modified
p. 10
Part 3d. PCI SSC Acceptance (optional*) * Applicable only if the Service Provider chooses to be listed on the List of PIN Service Providers on the Website.
Part 3c. PCI SSC Acceptance (optional*) * Applicable only if the Service Provider chooses to be listed on the List of PIN Service Providers on the Website.
Modified
p. 11
• Control Objective 3
Keys are conveyed or transmitted in a secure manner.
Modified
p. 12
• Control Objective 4
Key-loading to HSMs and POI PIN-acceptance devices is handled in a secure manner.