ATM Network Security TR-39 Audits Keep Your Network Secure
Network processors require biannual audits to comply with American National Standards Institute (ANSI) standards and requirements. FTSI’s certified and trained auditors handle the complete TR-39 technical audit of the security of PIN debit transactions of ATMs. These audits comply with requirements by Star, NYCE and Pulse and other EFT networks.
Is your audit due this year?
Today, security is top of mind for people when it comes to their financial data. As a reputable financial institution, no doubt you have taken the necessary steps to mitigate risk and comply with American National Standards Institute (ANSI) standards and requirements.
Even if you are compliant, biannual network audits are required for financial institutions affiliated with PULSE, STAR, NYCE and other networks. FTSI offers a comprehensive TR-39 network security audit for credit unions and community banks looking for a trusted partner to perform this task. Is your audit coming up this year? Most networks require audits to be submitted every other year.
Proper procedures reduce the likelihood that a device could be compromised and establish the steps to be performed if a compromise is found. FTSI’s Certified TR-39 Auditor will help identify any areas of weakness in your security procedures. With FTSI’s help, you meet the expectations of your network processor.
ATM Network Security TR-39 Audits
Our trained and certified auditors will evaluate whether your financial institution is adhering to policies and procedures. Our review covers:
- Use of dual control and split knowledge
- Maintenance of proper logs
- Proper handling and storage of encryption keys
- Use of compliant devices and encryption techniques
Our TR-39 audit tests ATM controls and procedures that institutions have in place to comply with ANSI X9.8-1-2003, part 1 (Pin Security) and XP.24-1-2004, part 1 (Key Management) and must be performed by a certified TR-39 auditor.
The TR-39 guidelines apply to all organizations using the TDEA (Triple Data Encryption Algorithm) for the encryption of PINs used for retail financial services such as ATM transaction, messages among retailers and financial institutions and interchange messages among acquirers, switches and card issuers.
Our audit focuses on the these main areas of scrutiny: Policies and procedures must be established to ensure that proper controls are in place and are being followed.
Network Audit Requirements
• STAR – Certified TR-39 Auditor required for all processing members (direct or indirect). Must include copies of Certified TR-39 Auditor Certificate and a valid certificate of core or refresher training of the PIN security course. Deadline for submission of completed audits is December 31 of every even year.
• PULSE – Certified TR-39 Auditor required for all processing members (direct or indirect). Must include copies of Certified TR-39 Auditor Certificate and a valid certificate of core or refresher training of the PIN security course. Deadline for submission of completed audits is December 31 of every even year.
• NYCE – Any member who is processing transaction and is directly connected to NYCE must have this audit done. NYCE does not require a Certified TR-39 Auditor certification from any auditor, it only requires a valid certificate of attendance for a core/refresher TR-39 training and must only include a valid certificate of completion for the PIN security course. NYCE is the only network that will accept the PCI PIN Security review in place of the TR-39 report. The deadline for submission is no later than December 31st, two years from the date of the member’s first TR-39 audit.