ITA Partnership, LLC

Technical Guideline #3 is an audit of PIN debit transactions within Automated Teller Machine (ATM) or Point of Sale (POS) environments.    This audit guideline was developed by the American National Standards Institute (ANSI) to provide a minimum level of security in place with regards to management and handling of card holders' PINs in debit transactions as well as handling of cryptographic data used to protect such PINs.   This audit is required to be completed every other year with the year ending in an even number.  In 2008 the compliance audit is required.

Compliance with TG-3 audit means there needs to be clear and explicit procedures for any activity that involves use and handling of encryption Keys. These procedures need to address step by step actions that need to be taken by designated individuals to handle or process Keys. We will complete the audit and address the following requirements:

• Key Management Team Roles and Responsibilities
• Key Lifecycle Phases
• Key Generation
• Key Storage
• Key Loading
• Key Distribution
• Key Destruction
• Key Compromise in ATMs using manual Key loading
• Storage of cryptographic devices and tools
• Handling of cryptographic devices and tools
• Monitoring cryptographic errors in cryptographic devices and ATMs
• Repair and retirement of cryptographic devices and ATMs
• Remote Key Loading Procedures
• Key Compromise in ATMs using remote Key loading technology

ITA Partnership has been trained and will assist your company in completion of this compliance requirement.  We will perform the audit, prepare the necessary supporting detail and help you with the reporting requirements.