Device Security and Evaluations
APCA's device evaluation and approval process provides strong protection for cardholders' PINs by ensuring that all PIN entry devices used for domestic debit transactions in Australia meet best practice security standards.
Within the IAC all Point of Sale (POS) devices, Automatic Teller Machines (ATMs), unattended payment terminals, back-end security processors, and any other device that handles unencrypted PINs or associated cryptographic keys must undergo evaluation to the IAC device security standards.
Details of all current approved devices, including relevant versions are available here.
Approved Evaluation Facilities
Evaluations must be performed by an Approved Evaluation Facility (AEF) for submission to APCA for approval. A list of these facilities is available here.
The IAC device security standards are aligned with current Australian and international standards. Details are available in the IAC Code Set.
The process for considering non-standard technologies at Point of Interaction has been established in order to allow and encourage innovation; and to address emerging technologies while limiting the potential for fraud.
IAC Process for Consideration of Non-Standard Technologies - Download PDF