Those of you who have searched through the extensive documentation available on PCI regulations may have stumbled onto guidelines relating to “SRED compliance.” What might this be? SRED is an acronym for Secure Reading and Exchange of Data, and it refers to the Point of Interaction (POI) security standard as outlined in the PIN Transaction Security (PTS) requirements, version 3.1.
The POI is the initial point where credit cardholder data is captured. The SRED module of the PTS protocols lists a variety of requirements to ensure that all POI devices used to process payment cards conform to an acceptable level of security.
For example, these devices must encrypt account numbers immediately upon entry or provide a sufficiently secure plain-text environment. This guarantees that all cardholder data is well protected at the POI. It must be noted, however, that a SRED-compliant device does not in itself provide an overall, comprehensive point-to-point encryption (P2PE) solution, but it must function adequately as the initial point of any such solution.