Kernel Management Guidelines: Payments Security Task Force (PST)
Kernel Management Guidelines: Payments Security Task Force (PST)
For
more
informa3on
on
the
EMV
Migra3on
Forum,
please
visit
hMp://www.emv-‐connec3on.com/emv-‐migra3on-‐forum/
Announced
in
March
2014,
the
Payments
Security
Task
Force
is
a
cross-‐industry
group
focused
on
driving
execu3ve
level
discussion
that
will
enhance
payment
system
security.
The
Task
Force
comprises
a
diverse
group
of
par3cipants
in
the
U.S.
electronic
payments
industry
including
payment
networks,
banks
of
various
sizes,
credit
unions,
acquirers,
retailers,
industry
trade
groups,
and
point-‐of-‐sale
device
manufacturers.
Introduc3on:
Kernel
Management
Guidelines
Note: This webcast is one in a series of webcasts which will provide U.S. value added resellers,
independent software vendors and merchant organizations with understanding of the U.S. market for
EMV migrations, U.S. debit deployment, development preparation, lessons learned and testing
considerations to assist with EMV chip migrations.
Kernel
Management
Guidelines
! A
kernel
can
be
supported
on
more
than
one
device
(terminal
family).
! Consult
with
your
terminal
vendor
to
determine
if
the
terminal
is
the
same
family
which
can
reduce
tes3ng.
! Reduce
the
number
of
configura3ons
deployed
which
can
reduce
tes3ng
efforts.
! The
current
EMVCo
recommenda3on
is
expired
kernels
should
be
replaced
within
one
year
afer
expira3on
date.
Any
new
deployments
would
require
a
new
approved
kernel,
requiring
a
separate
payment
network
cer3fica3on.
Recommenda:ons
! Evaluate
kernel
updates,
when
available
by
the
terminal
vendor.
! If
an
interoperability
issue
is
iden3fied,
the
acquirer
will
need
to
be
able
to
make
the
necessary
changes
which
may
include
updates
to
the
kernel.
Payment
network
tes3ng
will
also
be
required.
Consult
with
your
acquirer
and
payment
network
for
more
details
on
their
EMV
implementa3on
requirements.
UL
-‐
Transac3on
Security
Division
Russell
Wolfe
[email protected]