Title Image


TR-39 & PCI SSC PIN Security & Key Management Compliance Training

CPE Logo 3 - Copy

X9 Core Class

The group-live 4-day training course is designed to provide both internal and external auditors with the necessary tools to
complete the ANSI X9/TR-39-2009 Compliance Review for NYCE Payments Network, LLC, Pulse® Corporation, and STAR®

4-Day Core Class (CPE 32 credits)

Level: Basic
Prerequisites: None

Day One:

  • Processor and Auditor Responsibilities
  • Compliance Review Objectives
  • Network Respondent Forms
  • Symmetric Key Management Introduction
  • Key Names and Hierarchy
  • Cryptogram Notation
  • Diagram of PIN Transaction Flow
  • PIN Translation
  • Characteristics of TRSMs
  • Group Project

Day Two:

  • Cardholder Authentication Methods
  • PIN Block Formats
  • Exclusive-or
  • Introduction to Symmetric Key Life Cycle, Including:
    • Key Check Values
    • Single-Length vs. Double-Length Keys
    • Single DES vs. Triple DES
  • Approved Key Methodologies
  • Asymmetric Keys for Distributing Symmetric Keys – high level
  • Group Project

Day Three:

  • Review and obtain and Understanding of Each Control Objective in ANSI X9-TR-39 Current Version, Section 4
  • Techniques for Measuring Compliance
  • Group Project

Day Four:

  • Compliance Review Field Work Activities
  • General Key Management Documentation
  • Reporting the Findings


A passing grade is required for all auditors performing a TR-39 review at the processor level, for Pulse® Corporation and STAR® participants only. Auditors receiving a passing grade will also receive the CTGA designation. Examination criteria and relevant information will be provided through each network’s normal communication methods. Exam time allowance is four hours. Delap will offer three opportunities in 2018 to sit for the exam. Once you have passed the exam, there is no need to re-take it, but you will need to take a refresher class every 24 months.

Note: Please allow 2-4 weeks to receive exam results..

Delap is authorized to teach this PCI SSC PIN course through endorsement by Discover Financial Services.

PCI v3.0 Core Class – TBA

‘Refresher’ Classes

A “refresher” class is required every 24 months. We offer two group-live refresher classes based on X9 standards as
described below. PCI PIN & X9 Standard Core Class also satisfy this requirement.

3-Day Class (CPE 24 credits)
Symmetric Key Management Review, ANSI/ISO/Network
Updates, Introduction to EMV, E2E and Payment
Tokenization Class 

Level – Intermediate: Prerequisites – 4-Day core class; 2-Day Asymmetric Class.

Day One:

  • Updates on relevant ANSI Standards and Network Operating Rules
  • Review and Obtain an Understanding of Each Control Objective in the ANSI X9/TR-39 Current Version, Section 4
  • Group Projects:
    • Analysis of Reports/Application to TR-39 Section 4
    • Analysis of Various Work Papers/Application to TR-39 Section 4

Day Three:

  • Payment Tokenization
    • Card Emulation (CE)
    • Host Card Emulation – Device
    • Host Card Emulation – Cloud
    • Registration and Transaction Flow
    • Group Project
      • Lab
      • Diagram EMV Transactions

Day Two:

  • Chip Card Technology
    • Concepts of Contact Chip Cards for ATM and POS
    • Introduction to EMV Specifications Documents
    • PIN and Sensitive Data Security
    • Key Management
    • Online and Offline PIN transactions
  • E2E (End-To-End Encryption)/P2PE (Point-To-Point Encryption)
    • Concepts of Encrypting Sensitive Data for Transport and Storage
    • Update on the ANSI Standard X9.119
    • Sensitive Data Security
    • Key Management
    • Group Projects
      • Lab
      • Diagram EMV transactions

2-Day Asymmetric Key Class (CPE 16 credits)

Level: Intermediate
Prerequisites: 4-Day Core Class

Day One:

  • Concepts of Public Key Infrastructure (PKI)
  • Remote Symmetric Key Distribution Using Asymmetric Methods Described in ANSI X9.24, Part 2 for:
    • ATM Key Loading
    • POS Key Loading
    • HSM Key Loading
    • ‘Proxy Host’ Solutions

Day Two:

  • Obtain an understanding of each control objective in the ANSI TR-39 current version, Section 5 including updates to X9.24 Part 2 – 2017

Please note all classes meet the Network requirements for “Refresher Class”

Class Times – All Classes, unless noted otherwise:

  • Daily: 8:00 AM to 4:30 PM
    • Break times: Morning and afternoon; 10 minutes each
    • Lunch: Daily- 11:30 AM to 12:30 PM (1 hour)

To View the complete TR-39 & PCI SSC Compliance Course Brochure Click here:
(Course Brochure pdf)

These Courses have been approved by NYCE Payments Network, LLC, PULSE ®, and STAR® Network for auditors to complete the ANSI X9/TR-39-2009 Compliance Review.

Other Services:

  • ANSI TR-39 and PCI PIN Security Consulting and Training
  • Network required ANSI TR-39 and PCI PIN (v2.0) Security Compliance Reviews
  • PCI DSS Assessments
  • Symmetric and PKI Consulting for Retail Banking Industry
  • SSAE 16
  • IT Security Audits and Consulting
  • Network Vulnerability and Penetration Testing

Ready, Let’s Talk.

Schedule a Free Consultation to see what we can do for your business.

Ready, Let's Talk

When you engage Delap Cyber, you open the door to a collaborative partnership where the focus is on helping you achieve the best possible outcome for your business. You share information, challenges, concerns, etc. and we provide you with situational analysis, independent assessments, and fact-based guidance tailored to your environment, and ongoing subject matter expertise empowering your business to reach the next level. Isn’t it great having someone to rely on?