Device Security and Evaluations
APCA's device evaluation and approval process provides strong protection for cardholders' PINs by ensuring that all PIN entry devices used for CECS transactions in Australia meet best practice security standards.
Within CECS all Point of Sale (POS) devices, Automatic Teller Machines (ATMs), unattended payment terminals, back-end security processors, and any other device that handles unencrypted PINs or associated cryptographic keys must undergo evaluation to the CECS device security standards.
Details of all current approved devices, including relevant versions are available here.
Approved Evaluation Facilities
Evaluations must be performed by an Approved Evaluation Facility (AEF) for submission to APCA for approval. A list of these facilities is available here.
The CECS device security standards are aligned with current Australian and international standards. Details are available in the .