Consumers and organizations have a variety of options for making and receiving payments. While these payment types share the ultimate goal of transferring funds from payer to payee, the path those funds travel and the approaches employed for safely and securely completing transactions vary. The Secure Payments Task Force developed the Payment Lifecycles and Security Profiles as an educational resource and to provide perspectives related to:

  • The lifecycles of the most common payment types, covering enrollment, transaction flow and reconciliation
  • Security methods, identity management controls and sensitive data occurring at each step in the payment lifecycles
  • Relevant laws and regulations, and other references, as well as challenges and improvement opportunities related to each payment type

The profiles employ a consistent format for describing the lifecycle of each payment type. The lifecycle template is not designed to represent the nuances of specific payment transaction flows, but as a broad taxonomy that can be applied across different payment types for understanding and comparing controls and risks. The profiles are not all-encompassing in describing the layered security strategies that may be employed by specific networks, providers or businesses and shouldn’t be considered an assessment of overall security of different payment types. The improvement opportunities noted in the profiles highlight areas for further industry exploration and are not intended as guidance or specific solutions to be implemented.

These valuable resources were developed through the collaborative efforts of more than 200 task force participants with diverse payments and security expertise and perspectives. It is the hope of the task force that by helping industry stakeholders better understand these payments processes, the security and risks associated with these processes, and potential improvement opportunities, they will be well positioned to take action to strengthen their payment security practices.

Note: These materials were created by the Secure Payments Task Force and are intended to be used as educational resources. The information provided in the Payment Lifecycles and Security Profiles does not necessarily reflect the views of any particular individual or organization participating in the Secure Payments Task Force. The document is not intended to provide business or legal advice and is not regulatory guidance. Readers should consult with their own business and legal advisors.

Feedback and/or questions related to the Payment Lifecycles and Security Profiles can be submitted by using the “provide feedback” form.

This overview supports the Payment Lifecycle and Security Profile for the Card Present PIN Payment Type.

Card Present PIN Definition: A payment card (e.g. credit or debit) transaction in which the cardholder presents the card and enters a personal identification number (PIN), a secret numeric password known only to the cardholder and a system, to authenticate the cardholder to the system, and/or uses biometric authentication, which authenticates the cardholder to the device and would include attributes used by the issuer for risk evaluation. The cardholder is granted access only if the PIN provided matches the PIN in the system and/or the device's biometric authentication succeeds. PINs are used throughout the industry, including for ATM, Point of Sale (POS), Mobile Wallet, and eCommerce transactions. A PIN may also be used to complete a debit card transaction where the magnetic stripe of the card is swiped at the point of sale, an EMV chip card transaction where the chip of the card is inserted at the point of sale and the PIN replaces the cardholder's signature to authorize the transaction, or a transaction on an e-commerce site where a virtual PIN pad is enabled.

Overview of Laws, Regulations and References on Payment Security (Including Challenges and Improvement Opportunities)

Legal and Regulatory References

Other References

Challenges and Improvement Opportunities

Last Updated: 02/21/2018

Footnotes

1. Card Verification Values: Card Verification Values represent data elements that are (1) encoded on the magnetic stripe or the chip of a payment card; or (2) printed on the physical payment card, and are used to validate the card information during the transaction authorization process. Card Verification Values encoded on the magnetic stripe (e.g. CAV, CVV, CVC, CSC) or on the chip (e.g. dCVV, iCVV) are generated via a secure cryptographic process and may be static or dynamic data used to validate the card during the authorization process. Card Verification Values printed on the physical card (e.g. CID, CAV2, CVC2, CVV2) may be three-digit or four-digit codes printed on the front or back of the physical card that are uniquely associated with the physical card and tie the primary account number to the physical card. Note: Payment network rules and the Payment Card Industry (PCI) Security Standards Council provide additional definitions of Card Verification Values.
