PCI Security Standards Council Bulletin: Extension of Expiration of PCI PTS POI v5 Devices

PCI Security Standards Council Bulletin: Extension of Expiration of PCI PTS POI v5 Devices
11 September 2025
In response to continued industry feedback regarding global deployment challenges, the PCI Security
Standards Council (PCI SSC) has extended the expiry date for PCI PIN Transaction Security (PTS)
Point-of-Interaction (POI) version 5 devices from 30 April 2026 to 30 April 2027.
This limited one-year extension applies only to devices already approved under the PTS POI v5
Standard. It does not permit new device approvals under PTS POI v5. Device vendors with active PTS
POI v5 listings will be notified directly regarding the updated expiry timeline and listing details.
For those entities not affected by ongoing deployment or supply chain constraints, PCI SSC strongly
encourages migration to next-generation solutions, including devices approved to PTS POI v6 or later.
While earlier versions of PTS POI devices may offer comparatively lower resistance to certain emerging
attack vectors, PCI SSC does not believe this time-bound extension will result in a material increase in risk.
Rather, the extension is intended to support secure deployment continuity in the face of widespread
ecosystem challenges, such as limited technician availability, constrained hardware supply, and complex
upgrade timelines, particularly in embedded, unattended, and multi-component environments.
PCI SSC advises merchants, financial institutions, vendors, and other PTS POI device users, especially
those operating in complex deployment scenarios, to engage with their device providers to identify
appropriate upgrade paths and plan for future transitions in alignment with evolving requirements.
###