PCI PIN Security v3.1

PIN Security Requirements:
3-2 PINs enciphered only for transmission between the PIN entry device and the IC reader must use one of the PIN-block formats specified in ISO 9564. Where ISO format 2 is used, a unique-key-per-transaction method in accordance with ISO 11568 shall be used. Format 2 shall only be used in connection with either offline PIN verification or PIN change operations in connection with ICC environments.
Testing Procedures:
3-2.a Using the summary from Requirement 1, identify any non-PCI-approved devices and device types for which the ICC card reader is not integrated in the PIN entry device. For each of these device types, Interview applicable personnel to determine that PINs enciphered only for transmission between the PIN entry device and the ICCR use one of the PIN-block formats specified in ISO 9564. If format 2 is used, verify that a unique-key-pertransaction method in accordance with ISO 11568 is used.
Note: PCI-approved devices are validated to this; nevertheless, personnel must still be interviewed to validate the implementation.
3-2.b Examine device documentation to validate that the device functions as described above.