Skip Ribbon Commands
Skip to main content
Home > Services > Regulatory > TR39


What is TR-39?

Billions of PIN activated transactions are switched through shared ATM and POS networks each year. Each of these transactions is originated using a debit or credit card and Personal Identification Number. With each interchange transaction, the security of the customer's PIN must rely on the security procedures and controls of the various processing entities and use certified devices such as Host Security Modules (HSM). The most common standard used to evaluate organizations is the Technical Guide (TR-39 formerly known as TG-3) developed by ANSI as part of theX9 standards for financial institutions.

Why do TR-39?

TR-39 is a standard that is required by all organizations that accept debit cards. This standard has many similarities to PCI, however is solely focused on the protection of the PIN associated with debit cards. Just like PCI, TR-39 is a contractual standard that is not government regulated.

How we can help?

As a certified TR-39 Auditor, SecureState is one of very few companies that are certified to handle both the credit and debit side of an electronic transaction. SecureState can provide your organization with a certified audit that will be submitted to your processor/bank.