Just received notification from Witham Labs that HomeATM's "Safe"T"PIN (the "T" stands for "Transaction") should officially receive PCI 2.0 PED certification from PCI. 

Here's the notification from Witham Labs. 

Hello Ben, Susan, and Kenneth,

We've been tracking the approval status of the report, and recieved this from PCI this morning in response to our request about the status:

"Barring any last minute holdups by the PED group, HomeATM should clear the report cycle tomorrow."

I will continue to keep you informed of the status.

Best regards,

--

Andrew Jamieson
Technical Manager
Witham Laboratories
1/842 High Street
Kew East
Victoria 3102
Australia

*Download the Q4 2008 Witham newsletter from* http://www.withamlabs.com/component/content/article/224.html

 More about PED Evaluations from Witham Labs

Security & Compliance - PIN Entry Device Evaluations

Witham Laboratories specialises in the independent security evaluation of all security aspects of payment devices - particularly PIN Entry Devices and those providing cryptographic services. 

We are accredited to evaluate devices against international standards such as those of the Payment Card Industry (PCI), as well as local standards of varying regions, such as those of the Australian Payments Clearing Association (APCA).

Our clients actively seek us from around the world for our flexibility, innovation and expertise:

• Our evaluations cover both physical and logical security
• Evaluations can be performed to a customer specified level or against industry standards
• Many of our clients take advantage of our ability to produce reports for multiple payment schemes, minimising the cost and time involved
• We are at the leading edge for knowledge of current best practice and evolving industry requirements

PCI PIN Entry Device requirements

A presentation detaiing the PCI PED testing and evaluation process can be downloaded here. 
Alldevices that accept MasterCard, Visa, JCB, Discover, or AmericanExpress PINs must be evaluated by a PCI approved laboratory. WithamLaboratories is the only organisation in the Asia-Pacific region accredited by the PCI to test PIN Entry Devices (PEDs), among only eight in the world.

WithamLaboratories can perform full evaluations on any device, and provideguidance to assist in the understanding of the PCI criteria, which canoften be daunting. PCI currently have standards for the evaluation of POS PIN Entry Devices (POS PED), and Encrypting PIN Pads (EPP). New standards for Unattended Payment Terminals (UPT) and Hardware Security Modules (HSM) are under consideration.

Our clients find our knowledge on how the PCI criteria apply to their individual products invaluable. As an independent laboratory, we are not permitted to assist in the design of a product, but we offer a pre-evaluation service to begin assisting clients as early as possible in their projects.

Experience has shown that a pre-evaluation helps to avoid problems early in the design of a product, saving time and money further down the track. Many devices are not compliant with the PCI standard when submitted for the first evaluation.

Westrongly recommend that additional time is factored into projects toallow for additional evaluations, and that the cost of a secondevaluation is considered when comparing prices.

APCA requirements for PIN Entry Devices

All PIN Entry Devices for the Australian market must be evaluated by an APCA approved laboratory. Witham Laboratories is the only APCA accredited laboratory in the Asia-Pacific region.

As we are Australian based, we have close ties to APCA and can provide important insightinto the requirements and processes involved in gaining accreditation.The APCA requirements are provided in Standards Australia's AS 2805.14, which is similar to ISO13491, from the International Organization of Standardization.
Currently,APCA recognises the evaluation of POS PIN Entry Devices (POS PED),Automatic Teller Machines (ATM), Hardware Security Modules (HSM), andEncrypting PIN Pads. We are the only laboratory with experience inevaluating all of these devices to APCA requirements.

Witham Laboratories is the premium provider of evaluations in the Asia-Pacific region:

• We can conduct multiple evaluations at a discounted price for clients who want to gain both PCI and APCAapproval, saving both time and money. Devices that will acceptMasterCard, Visa, or JCB PINs in Australia will need APCA and PCIcertification
• The APCA requirements contain several subtle differences to those of PCI, and our clients have found that our detailed understanding of these differences has greatly assisted them when bringing products into the Australian market

The evaluation process

Once supplied with a minimum level of samples and supporting documentation, our evaluations are conducted as quickly and efficientlyas possible - typically 4 weeks for a full report. A full APCAevaluation will take about 4 weeks as well. Once the report iscompleted, we seek client's approval before sending it to APCA foraccreditation. This can take 2-4 weeks.

We happily provide valuable feedbackto our clients throughout evaluations, maintaining close contact andoffering as much advice and guidance as possible. Our advice hasassisted a number of manufacturers to quickly bring their products intocompliance with the new PCI requirements.

Related articles

• Signature Debit Wrestles Fraud, Get's PIN'd (pindebit.blogspot.com)
• On to the Next Breach... (pindebit.blogspot.com)
• Reminder: ProPay's 2009 Data Security Summit (pindebit.blogspot.com)
• Chase Paymentech Predicts: PIN Debit Ubiquitous on Web by 2012 (pindebit.blogspot.com)
• Updated: Acculynk...Where's the PIN Offset? My Pet PVV (pindebit.blogspot.com)