MasterCard indeed changed its policy regarding using remote key injection to install new encryption keys on point-of-sale (POS) systems, but the change was only to ban when the hardware is not already PCI compliant. If it's PCI compliant--which many are--then it's not an issue. "Our customers and vendors can use Remote Key Injection services to upgrade the terminals if those services meet all aspects of the PCI Pin Security Requirements," said a MasterCard clarifying statement issued Friday (July 10).
Just a few weeks after it roughed up Level 2 merchants with demand for on-site assessments, a dustup with MasterCard was causing confusion about their remote key injection policy. A Gartner report this week--carried by Computerworld--said that MasterCard was rejecting it.