PCI PIN Security v3.1

PIN Security Requirements:
13-2 Only SCDs shall be used in the loading of clear-text secret or private keys or their components outside of a secure key-loading facility, as delineated in the requirements contained in Annex B. For example, ATM controller (computer) keyboards or those attached to an HSM shall never be used for the loading of clear-text secret or private keys or their components.
Note: The addition of applications that replace or disable the PCI-evaluated firmware functionality invalidates the device approval for each such implementation unless those applications are validated for compliance to PTS POI Security Requirements and listed as such in the approval listings. If modified PEDs are not validated and approved to the KLD approval class, they must be managed in accordance with Annex B Requirement 13-9.
Testing Procedures:
13-2.a Examine documentation to verify that only SCDs are used in the loading of clear-text secret or private keys or their components outside of a secure key-loading facility, as delineated in this requirement. For example, ATM keyboards or keyboards attached to an HSM shall never be used for the loading of clear-text secret or private keys or their components.
13-2.b Observe a demonstration of key-loading to verify that only SCDs are used in the loading of clear-text secret or private keys or their components outside of a secure key-loading facility.