What is TR-39 Gap Analysis?
A TR-39 and/or VISA PIN audit provides a certified report on an organization’s controls around PIN-based transactions, including encryption, key management, and key protection. This can include both symmetric and asymmetric encryption controls, key inventory and key ceremony, and inspection of datacenters, HSMs, and physical safes.
Why do a TR-39 Gap Analysis?
An audit is generally required as part of a contract from an Electronic Funds Transfer (EFT) or debit network for a bank, or from a bank to a merchant retailer if the retailer switches its own debit transactions. Third parties such as key loading facilities may also need an audit performed.
For organizations that have never been audited, a TR-39 gap assessment is a smart choice. The gap assessment includes interviews and document reviews to identify possible weaknesses in the TR-39 program for remediation prior to an audit.
How can we help?
SecureState has multiple Certified TR-39 Auditors (CTGA) with backgrounds in cryptography and transaction security. Unlike many CTGAs, SecureState resources have a strong technical security background.