Stockholm, October 23, 2022. Surfboard Payments continues to strengthen the security for their customers. In addition to the previous PCI DSS certification, the company has now obtained PCI PIN.
PCI PIN gives Surfboard Payments the right to process the most sensitive information in payments: the PIN. This means that all data, even the PIN code, will be processed in maximum security all the way through, from our card terminals to the card issuer. Among bigger players, this procedure is usually outsourced, but that was never an option for Surfboard Payments who want to take responsibility for the full transaction without dependencies from a third-party service provider.
Amongst the products Surfboard Payments offer to the market, both hardware and software terminals are present, which now both fall under the PCI PIN certification. The software-based Tap to Phone solution offered to small-, and micro-merchants through the Surfpay app, and to larger merchants through the Connect offering, this gives the company a big advantage over competitors who fully rely on the time-limited scheme waivers. With this certification, Surfboard Payments can ensure their merchants that their payments fulfill the strictest security standard set by PCI.
- By achieving PCI PIN certification, Surfboard Payments AB has demonstrated, to a PCI-accredited lab, that we are able to protect customer card data by adhering to the strictest security standard set by PCI. Even within PCI PIN, we only support the strongest algorithms permitted and the most secure PIN block format. In Surfboard Payments, security and compliance are part of our innovation and integrated into all stages of product design and development, says Neal Hindocha, Chief Security Officer at Surfboard Payments.
This is PCI PIN
PCI PIN refers to the security requirements and assessment for merchants who accept, or process PIN codes. The PIN Security requirements are set by the Payment Card Industry Security Standards Council (PCI SSC).
The purpose of a PCI PIN Assessment is to assess that organizations are securely managing and processing PIN data for online and offline card transactions. This involves encryption and key management of the PIN transaction and the secure management of processing equipment. The card terminal (hardware- and software-based ones) and the hardware security module (HSM) used to decrypt the PIN code and manage the keys are all important parts of the assessment. The PCI PIN Assessments are done every 2 years post the first successful Assessment.
Read more about Surfboard Payments, the company behind the Surfpay app, here »