Visa PED approval is a security approval that concerns the Pin Entry Device (PED). This approval ensures that the PIN code and related data (like cryptographic keys) is kept secret.
Visa PED approval is required for all devices used for PIN entry. For newer devices, Visa PED approval has been superseded by PCI approval. Current Visa PED approvals are valid 3 years from the approval date.
There are different requirements for online and offline devices.
Prevent unauthorized removal
An important feature of the PED requirements is that the devices need to include protection against unauthorized removal. All Cryptera secure devices include removal detection and a secure scheme for authorized activation of a newly installed device. This concept is part of PED approval.
Verify PIN off-line
Off-line PIN verification is an integral part of the EMV (chip and PIN) concept. If the card reader and the PIN pad are separate devices, PED requirements demand that the PIN is suitably encrypted when it is transferred from the PIN pad to the card reader. Cryptera PIN pads synchronize encryption keys with the Cryptera secure card reader as part of the installation process. The Cryptera concept allows authorized activation and key synchronization after replacement of either device in the field. In other words: Devices are not paired from the factory.
