RBS WorldPay works very closely with the credit card associations and equipment vendors to ensure that your processing equipment meets industry PIN-entry Device (PED) standards.
Both VISA PED and PCI PED Security standards specify a series of requirements PIN Pad manufacturers must meet in order to dramatically reduce the risk of a security compromise. For more information on PIN pad compliance, visit http://partnernetwork.visa.com/dv/pin/main.jsp.
RBS WorldPay has defined the following categories of PEDs for the purposes of this communication. Each list included below also indicates which RBS WorldPay-supported PEDs support Triple DES (TDES) encryption. Visa strongly recommends that PEDs sold after January 1, 2004 support this form of encryption.
You can validate the encryption method of your PED by looking at the color of the RBS WorldPay sticker on the bottom of the device. Gold stickers are Single DES DUKPT and bronze stickers are Triple DES DUKPT.
- Non-PED Compliant devices:
Before 2004, only minimal standards governed the manufacture of PEDs - and primarily the only things required were the protection of the master keys, key encryption schemes and proper software operation of the device. Validation of software requirements and tamper prevention and detection were left to the individual manufacturer. These devices are typically referred to as "non-approved" devices. Current card association regulations require that these devices be removed from service by July 1, 2010. Due to the risk of a tampering compromise, however, retailers may wish to consider replacing these devices sooner. If you wish to update your equipment now, please contact our Customer Care department at 1.800.859.5965, Option 3.
Click here to view a list of non-PED compliant devices.
- Visa PED-Approved devices:
All PIN Pad or terminal devices sold after January 1, 2004 were required to conform to VISA PED requirements. At this point in time, any device manufactured to conform to VISA PED requirements does not have a sunset date - meaning that there is no requirement that retailers remove them from service.
Click here to view RBS WorldPay’s list of Visa PED-approved devices. - PCI PED-Approved devices: PIN Pad or terminal devices that have been on the market for about two years, and only products meeting PCI PED requirements may be purchased after December 31, 2007. These devices are the most secure and comply with current security standards. OEMs will not be allowed to sell these devices after 2014.
- Visa PED-Approved devices with PCI PED Approval Pending: RBS WorldPay supports several devices that are Visa PED-approved and are currently undergoing PCI PED approval, which is expected to be completed by fourth quarter 2007.
Click here to view RBS WorldPay’s list of Visa PCI PED-approved devices.
Click here to view RBS WorldPay’s list of Visa PED-Approved devices awaiting PCI approval.