PCI Security Standards Council bulletin on the expiration of the approval of PCI PTS POI version 2 devices

PCI Security Standards Council bulletin on the expiration of the approval of PCI PTS POI
version 2 devices

10 April 2017

PCI Security Standards Council (PCI SSC) approval of devices validated against version 2.0 of the PCI PIN Transaction
Security Point of Interaction (PTS POI) requirements expires 30 April 2017, as delineated in the Expiry Dates section of
the PTS Device Testing and Approval Program Guide. This expiration indicates devices may not be able to withstand the
latest generations of attacks and should therefore be replaced as soon as feasible. Effective 30 April 2017, the affected
devices will be removed from the approved POI devices list on the PCI SSC website and listed separately here.

The PCI SSC advises merchants, financial institutions, vendors and other users of PTS POI v 2 devices, specifically v2
PEDs (PIN entry devices) and EPPs (encrypting PIN pads), and v1 UPT (unattended payment terminal) devices to
contact their device vendors regarding the availability of more recently approved models to use as replacements and in
new deployments.

Users of such devices should also contact the applicable acquiring financial institution or payment brand(s) for specific
requirements on the deployment, replacement and retirement of devices after the expiration of their approval by the PCI
SSC. Payment brand contact details can be found here.