PCI PIN Security

The PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection. The Standards Council was established by the major credit card associations (Visa, MasterCard, American Express, Discover, and JCB) as a separate organization to define appropriate practices that merchants and service providers should follow to protect cardholder data.

The PCI PIN Security standard is a set of requirements for the secure management, processing, and transmission of personal identification number (PIN) data during online and offline payment card transaction processing at ATMs and point-of-sale (POS) terminals.

Google Cloud has undergone an independent third-party audit to certify individual products against the PCI PIN Security standard. This means that these products and cloud services provide an infrastructure upon which customers may build their own PIN transaction processing solutions. It is important to note that customers are still responsible for ensuring that their applications are PCI PIN compliant.

Certain Google Cloud services have been reviewed by an independent Qualified Pin Assessor and determined to meet applicable PCI PIN requirements. The PIN Assessor issued an Attestation of Compliance (AoC) for the physical hosting, physical security, physical destruction and chain of custody for Bare Metal Rack HSM and Bare Metal HSM.

Potential customers can reach out to sales for more information.