TR-39 & PCI SSC PIN Security & Key Management Compliance Training
Delap LLP is registered with the National Association of State Boards of Accountancy (NASBA), as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through their website: www.nasbaregistry.org.
Core Class
The group-live 4-day training course is designed to provide both internal and external auditors with the necessary tools to complete the PIN Security Compliance reviews for payment networks such as NYCE Payments Network, LLC, Pulse® Corporation, and STAR® Network.
4-Day Core Class (CPE 32 credits)
Level: Basic
Prerequisites: None
Day One:
- Processor and Auditor Responsibilities
- Compliance Review Objectives
- TR-39 and PCI PIN Security Requirements History
- Network Respondent Forms
- Symmetric Key Management Introduction
- Key Names and Hierarchy
- Cryptogram Notation
- Diagram of PIN Transaction Flow
- PIN Translation
- Characteristics of SCDs
- Group Project
Day Two:
- PIN Block Formats
- Exclusive-or
- Introduction to Symmetric Key Life Cycle, Including:
- Key Check Values
- Single-Length vs. Double-Length Keys
- Single DES vs. Triple DES
- Dual Control and Split Knowledge
- Key Forms
- Environments
- Group Project
Day Three:
- Key Life Cycle Requirements
- Approved Key Methodologies
- Key Blocks
- Group Project
Day Four:
- Review PCI PIN Security Control Objectives and Requirements
- Techniques for measuring compliance
‘Refresher’ Classes
A “refresher” class is required every 24 months. We offer two group-live refresher classes based on X9 standards and PCI PIN Security Requirements v3.0 as described below. Core Class also satisfies this requirement.
2-Day X9 Refresher Class (CPE 16 credits)
Symmetric Key Management Review, ANSI/ISO/Network Updates, Introduction to EMV, and E2E
Level: Intermediate
Prerequisites: 4-Day core class; 2-Day Asymmetric Class
Day One:
- Updates on relevant ANSI Standards and Network Operating Rules
- Review and Obtain an Understanding of Each Control Objective in the ANSI X9/TR-39 Current Version, Section 4
- Group Projects:
  - Analysis of Reports/Application to TR-39 Section 4
  - Analysis of Various Work Papers/Application to TR-39 Section 4
Day Two:
- Chip Card Technology
- Concepts of Contact Chip Cards for ATM and POS
- Introduction to EMV Specifications Documents
- PIN and Sensitive Data Security
- Key Management
- Online and Offline PIN transactions
- Group Project
- E2E (End-To-End Encryption)/P2PE (Point-To-Point Encryption)
- Concepts of Encrypting Sensitive Data for Transport and Storage
- Update on the ANSI Standard X9.119
- Sensitive Data Security
- Key Management
- Group Projects
- Lab
- Diagram EMV transactions
3-Day Refresher Class with PCI PIN (CPE 24 credits)
Symmetric Key Management Review, ANSI/ISO/Network Updates, PCI PIN v3, Introduction to EMV and E2E
Level: Intermediate
Prerequisites: 4-Day core class; 2-Day Asymmetric Class.
Day One:
- Updates on relevant ANSI Standards and Network Operating Rules
- Review Control Objectives in the ANSI X9/TR-39 Current Version, Section 4
- Group Projects:
  - Analysis of Reports/Application to TR-39 Section 4
  - Analysis of Various Work Papers/Application to TR-39 Section 4
Day Two:
- Review Control Objectives and Requirements in PCI PIN Version 3.0, Transaction Processing Operations
- Techniques for measuring compliance
Day Three:
- Chip Card Technology
- Concepts of Contact Chip Cards for ATM and POS
- Introduction to EMV Specifications Documents
- PIN and Sensitive Data Security
- Key Management
- Online and Offline PIN transactions
- Group Project
- E2E (End-To-End Encryption)/P2PE (Point-To-Point Encryption)
- Concepts of Encrypting Sensitive Data for Transport and Storage
- Update on the ANSI Standard X9.119
- Sensitive Data Security
- Key Management
- Group Projects
- Lab
- Diagram EMV transactions
2-Day Asymmetric Key Class (CPE 16 credits)
Level: Intermediate
Prerequisites: 4-Day Core Class
Day One:
- Concepts of Public Key Infrastructure (PKI)
- Remote Symmetric Key Distribution Using Asymmetric Methods Described in ANSI X9.24, Part 2 for:
  - ATM Key Loading
  - POS Key Loading
  - HSM Key Loading
- ‘Proxy Host’ Solutions
Day Two:
- Obtain an understanding of each control objective in the ANSI TR-39 current version, Section 5 including updates to X9.24 Part 2 – 2017
- Review PCI PIN Security Requirements v3.0 Amex AI
Please note that all classes meet the Network requirements for “Refresher Class”.
Class Times – All Classes, unless noted otherwise:
- Daily: 8:00 AM to 4:30 PM
To view the complete TR-39 & PCI SSC Compliance Course Brochure, click here: (Course Brochure pdf)
Other Services:
- ANSI TR-39 and PCI PIN Security Consulting and Training
- Network required ANSI TR-39 and PCI PIN (v2.0) Security Compliance Reviews
- PCI DSS Assessments
- Symmetric and PKI Consulting for Retail Banking Industry
- SSAE 16
- IT Security Audits and Consulting
- Network Vulnerability and Penetration Testing
Ready, Let's Talk
When you engage Delap Cyber, you open the door to a collaborative partnership where the focus is on helping you achieve the best possible outcome for your business. You share information, challenges, and concerns, and we provide you with situational analysis, independent assessments, fact-based guidance tailored to your environment, and ongoing subject matter expertise that empowers your business to reach the next level. Isn’t it great having someone to rely on?