PCI Security Standards Council bulletin on the expiration of the approval of PCI PTS POI version 2 devices

· Press releases

PCI Security Standards Council (PCI SSC) approval of devices validated against version 2.0 of the PCI PIN Transaction Security Point of Interaction (PTS POI) requirements expires 30 April 2017, as delineated in the Expiry Dates section of the PTS Device Testing and Approval Program Guide. This expiration indicates devices may not be able to withstand the latest generations of attacks and should therefore be replaced as soon as feasible. Effective 30 April 2017, the affected devices will be removed from the approved POI devices list on the PCI SSC website and listed separately here.

The PCI SSC advises merchants, financial institutions, vendors and other users of PTS POI v2 devices, specifically v2 PEDs (PIN entry devices) and EPPs (encrypting PIN pads), and v1 UPT (unattended payment terminal) devices to contact their device vendors regarding the availability of more recently approved models to use as replacements and in new deployments.

Users of such devices should also contact the applicable acquiring financial institution or payment brand(s) for specific requirements on the deployment, replacement and retirement of devices after the expiration of their approval by the PCI SSC. Payment brand contact details can be found here.