Document Comparison
PCI_PTS_POI_Technical_FAQ_v6_Dec_2025.pdf
→
PCI_PTS_POI_Technical_FAQ_v7_Dec_2025.pdf
26% similar
Pages: 43 → 41
Words: 19888 → 19238
Content changes: 23
Content Changes
23 content changes. 35 administrative changes (dates, page numbers) hidden.
Added
p. 9
June (update) 2025: In light of the discovery of the Padding Oracle on Downgraded Legacy Encryption (POODLE) attack, is SSL still an allowed protocol? A No. PCI requires that devices must only support Cipher Suites for use in TLS 1.2 or higher that provide at least 128 bits of security and that have no known vulnerabilities that reduce their effective strength below 128 bits. Cipher suites that comprise AES and other NIST-approved algorithms are acceptable to use. Furthermore, for all new POI evaluations using the Internet Protocol Suite, devices must support TLS 1.3 or higher. In addition, all delta evaluations for POI v3, v4, v5, or v6 devices where the open protocols module is impacted, must meet the same criteria.
Added
p. 12
June 2025: Does PCI PTS POI require a root of trust that is based in the ROM of the processor? A No. PCI PTS POI does require a root of trust, but this may be implemented in reprogrammable memory as long as this root of trust is implemented. All bullets apply:
• Using at least the minimum cryptographic key strength as required by the PCI PTS POI standard being assessed.
• In on-die memory (i.e., memory circuits that are integrated directly onto the same silicon die as the main processor) of the processor that is physically accessible only through use of chip-level equipment.
• Attacks to alter, disable, or otherwise circumvent this root of trust are considered during the PCI PTS POI evaluation, to an attack potential of 26 points for the application processor, and 35 points for the security processor. These attacks must consider exploiting any potential chip vulnerabilities, side channel and …
Added
p. 33
September 2025: Do the criteria for storage and distribution of symmetric keys apply to private keys? A Yes. The same criteria apply. This includes at a minimum the use of the following attributes:
• One or more attributes as set by the intended purpose definition that defines the operations for which the key can be used.
• One or more attributes that define the cryptographic algorithm and mode of use for which the key can be used.
• One or more attributes that define whether the protected key may be transferred outside the cryptographic domain in which the key is found, i.e., exportability.
• Authentication over the encrypted key and attributes (i.e., MAC, digital signature, or authenticated encryption).
Added
p. 40
October 2025: The cryptographic key used for a keyed-hash function must be, at a minimum, unique per device and generated by the transaction device. Are there any exceptions? A Yes. POI devices that are intended for use in tap and go systems may use a shared key or a PAN-specific key that is derived from the shared key, whereas the shared key may be shared across all terminals within a merchant’s or group of merchants’ fleet where operationally necessary, provided all other key management controls under B9 remain enforced. This is provided that:
• The hash value is deleted after export.
• The use case is noted in the security policy that is posted on the PCI website.
Modified
p. 1
Payment Card Industry (PCI) PTS POI Security Requirements Technical FAQs for use with Version 6
Payment Card Industry (PCI) PTS POI Security Requirements Technical FAQs for use with Version 7
Modified
p. 8
July 2013: Can a device with an ICCR be approved for online PIN only if it supports any offline PIN entry method, i.e., the device supports enciphered and/or plaintext PIN? A Devices with an ICCR that are not evaluated against the ICCR requirements for offline cannot have the approved version of the firmware support any offline PIN acceptance. Furthermore, devices that support online PIN must be evaluated for online PIN, or the approved version of firmware must have online PIN acceptance …
July 2013: Can a device with an ICCR be approved for online PIN only if it supports any offline PIN entry method, i.e., the device supports enciphered and/or cleartext PIN? A Devices with an ICCR that are not evaluated against the ICCR requirements for offline cannot have the approved version of the firmware support any offline PIN acceptance. Furthermore, devices that support online PIN must be evaluated for online PIN, or the approved version of firmware must have online PIN acceptance …
Removed
p. 9
February (update) 2022: In light of the discovery of the Padding Oracle on Downgraded Legacy Encryption (POODLE) attack, is SSL still an allowed protocol? A PCI requires that devices must only support Cipher Suites for use in TLS 1.2 or higher that provide at least 112 bits of security. Cipher suites that comprise AES and other NIST-approved algorithms are acceptable to use. Cipher suites that use TDEA (3DES) are no longer allowed due to the limited amounts of data that can be processed under a single key, i.e., the 64-bit block size does not provide adequate protection in applications such as TLS where large amounts of data are encrypted under the same key. SHA-1 has been demonstrated to provide less than 80 bits of security for digital signatures, which require collision resistance, and is not allowed for use in connection with digital signatures. It may be used in connection with …
Modified
p. 12 → 11
June (update) 2025: POI v6 or higher firmware expires on 31 December every third year subsequent to the year initially approved. If a device has multiple approved firmware versions, does each version have its own expiry date? A No. Every firmware version approved in a given calendar year expires on the same 31 December on a three-year cycle. For example, all firmware for a POI v7 device approval that were evaluated and approved during 2025 will expire on 31 December …
Removed
p. 13
October 2024: The model name, and if applicable, number must be visually and distinctly present on the device and not be part of a larger character string. The model name/number must be retrievable from the device by a query. Can a device have a model name/number imprinted (e.g., silk screened) on the device that is different than the model name and number as printed on a label elsewhere on the device? A No. However, it is permissible for the actual specific model name/number to contain a prefix followed by a hyphen and a short suffix to differentiate models that are within the same device family and which are part of the same approval number. For example, a device could be imprinted with ABCD100, but the actual model names co-listed on the approval listing and as shown on a label on each approved device are ABCD100-BT and ABCD100-W.
October 2024: POI v6 …
Modified
p. 15 → 13
December 2025: If a report for a new approval contains several device variations, what requirements must the devices meet? A When several device variations are submitted for approval in the same evaluation report, even if it is for a new approval listing, those devices must meet the same requirements that apply to delta evaluations. These delta requirements are specifically defined in the PTS Program Guide under hardware changes in Appendix B. The main criteria is that the differences between the …
December 2025: If a report for a new approval contains several device variations, what requirements must the devices meet? A When several device variations are submitted for approval in the same evaluation report, even if it is for a new approval listing, those devices must meet the same requirements that apply to delta evaluations. These delta requirements are specifically defined in the PTS Program Guide under hardware changes in Appendix B. The main criteria is that the differences between the device …
Modified
p. 15 → 13
A device uses a key that is randomly generated internally in the secure processor to protect other keys. This key is stored in the clear and protected within a register in the same secure processor. The secure processor resides within a secure area of the device. This key is used to encrypt other keys, which are stored encrypted outside the secure processor, e.g., in flash memory that also resides within the secure area of the device. Upon tamper, the device erases …
POI Requirement A1 A device uses a key that is randomly generated internally in the secure processor to protect other keys. This key is stored in the clear and protected within a register in the same secure processor. The secure processor resides within a secure area of the device. This key is used to encrypt other keys, which are stored encrypted outside the secure processor, e.g., in flash memory that also resides within the secure area of the device. Upon tamper, …
Modified
p. 16 → 14
The API for firmware and applications (if applicable) needs to be looked at carefully to determine the conditions under which plain-text data entry is allowed. Example: it should not be possible unless under acquirer display prompt-controlled devices, for a third party to display an image (JPEG) that states “press enter when ready for PIN entry” and then have a plain-text keypad pop up on the next screen. The extra caution is warranted for touchscreen devices because of the desire to …
The API for firmware and applications (if applicable) needs to be looked at carefully to determine the conditions under which cleartext data entry is allowed. Example: it should not be possible unless under acquirer display prompt-controlled devices, for a third party to display an image (JPEG) that states “press enter when ready for PIN entry” and then have a cleartext keypad pop up on the next screen. The extra caution is warranted for touchscreen devices because of the desire to …
Modified
p. 21 → 18
November 2012: Where a whitelist is used to control whether PAN data exits the device in plaintext or ciphertext, does the whitelist updating have to be under the direct control of the vendor? A No. The vendor may provide the mechanisms to the acquirer to directly control the updating of the whitelists in a manner consistent with acquirer-controlled display prompts, that is, the use of dual-control techniques and provisions for auditability and logging.
November 2012: Where a whitelist is used to control whether PAN data exits the device in cleartext or ciphertext, does the whitelist updating have to be under the direct control of the vendor? A No. The vendor may provide the mechanisms to the acquirer to directly control the updating of the whitelists in a manner consistent with acquirer-controlled display prompts, that is, the use of dual-control techniques and provisions for auditability and logging.
Modified
p. 26 → 23
May (update) 2018: Under what circumstances is key entry via the device keypad permitted? A Plain-text single component secret keys cannot be entered into the device using the keypad. Plain-text key components may be entered via the keypad in accordance with ISO 11568-2. Encrypted keys may also be entered via the keypad. Entry of key components or encrypted keys must be restricted to authorized individuals. Functions used to enter keys must only be available when the device is in a …
May (update) 2018: Under what circumstances is key entry via the device keypad permitted? A Cleartext single component secret keys cannot be entered into the device using the keypad. Cleartext key components may be entered via the keypad in accordance with ISO 11568-2. Encrypted keys may also be entered via the keypad. Entry of key components or encrypted keys must be restricted to authorized individuals. Functions used to enter keys must only be available when the device is in a …
Modified
p. 27 → 24
March 2011: Plain-text secret or private keys and their components may be injected into a PIN pad using a key loader (which has to be some type of secure cryptographic device). Are there any restrictions on loading keys via this methodology? A Yes. The loading of plain-text secret or private keys and their components using a key-loader device is restricted to secure key-loading facilities. Unattended devices deployed in the field shall have plain-text secret or private key loading restricted to …
March 2011: Cleartext secret or private keys and their components may be injected into a PIN pad using a key loader (which has to be some type of secure cryptographic device). Are there any restrictions on loading keys via this methodology? A Yes. The loading of cleartext secret or private keys and their components using a key-loader device is restricted to secure key-loading facilities. Unattended devices deployed in the field shall have cleartext secret or private key loading restricted to …
Modified
p. 27 → 24
November 2020: POI devices must support one or more of four specified techniques for the loading of private or secret keys. Methods a and b are for plaintext key loading and methods c and d are for encrypted key loading. The requirement specifies that EPPs and OEM PEDs intended for use in an unattended environment shall only support methods a, c, and d. It further specifies that SCRPs shall only support the loading of encrypted keying material. Are there any …
November 2020: POI devices must support one or more of four specified techniques for the loading of private or secret keys. Methods a and b are for cleartext key loading and methods c and d are for encrypted key loading. The requirement specifies that EPPs and OEM PEDs intended for use in an unattended environment shall only support methods a, c, and d. It further specifies that SCRPs shall only support the loading of encrypted keying material. Are there any …
Modified
p. 30 → 27
• When entering the plain-text KBPK (or equivalent) through the keypad, it must be entered as two or more components and require the use of at least two passwords/authentication codes. The passwords/authentication codes must be entered through the keypad or else conveyed encrypted into the device.
• When entering the cleartext KBPK (or equivalent) through the keypad, it must be entered as two or more components and require the use of at least two passwords/authentication codes. The passwords/authentication codes must be entered through the keypad or else conveyed encrypted into the device.
Modified
p. 31 → 28
• Loading of a plaintext KBPK (or equivalent) using a key loader must be done using dual control and require the use of two or more passwords/authentication codes before injection of the key. These passwords/authentication codes are entered directly through the keypad of the applicable device or are conveyed encrypted into the device and must be at least seven characters in length. These passwords/authentication codes must either be unique per device (and per custodian), except by chance, or if vendor …
• Loading of a cleartext KBPK (or equivalent) using a key loader must be done using dual control and require the use of two or more passwords/authentication codes before injection of the key. These passwords/authentication codes are entered directly through the keypad of the applicable device or are conveyed encrypted into the device and must be at least seven characters in length. These passwords/authentication codes must either be unique per device (and per custodian), except by chance, or if vendor …
Modified
p. 31 → 28
Injection of plain-text secret keys or their components where the receiving device does not itself require the use of at least two passwords/authentication codes for injection results in the zeroization of pre-existing acquirer secret keys. For devices supporting multiple-acquirer key hierarchies (e.g., multi-acquirer devices), only the hierarchy (e.g., specific TMK and working keys) associated with the key being loaded must be zeroized. In all cases, the authentication values (passwords, authentication codes or similar) for each user on a given …
Injection of cleartext secret keys or their components where the receiving device does not itself require the use of at least two passwords/authentication codes for injection results in the zeroization of pre-existing acquirer secret keys. For devices supporting multiple-acquirer key hierarchies (e.g., multi-acquirer devices), only the hierarchy (e.g., specific TMK and working keys) associated with the key being loaded must be zeroized. In all cases, the authentication values (passwords, authentication codes or similar) for each user on a given …
Modified
p. 37 → 35
Would the display of plain-text PIN digits by the device qualify as tamper evidence? A No. The cardholder may not be familiar with the typical behavior of a given device and may not recognize that the device is violating Requirement B3.
Would the display of cleartext PIN digits by the device qualify as tamper evidence? A No. The cardholder may not be familiar with the typical behavior of a given device and may not recognize that the device is violating Requirement B3.
Removed
p. 38
May 2011: If a device complies with B15, does this mean I need to re-submit the device for lab evaluation every time I change the prompts? A If there are suitable wildcards in the firmware version listing to accommodate new prompt versions that have been previously reviewed and confirmed as appropriate by a PCI laboratory, the review of each change by a PCI laboratory is not necessary.
Modified
p. 38 → 36
May 2011: Requirement B15 does not specify any minimum attack potential. What requirements are placed on the physical security of a device that allows for display prompts to be updated by third parties using cryptographically based controls? A All prompts that may be used to request plaintext data entry from the cardholder must be secured against an attack potential of at least 18 PCI points with a minimum of 9 for exploitation. This includes prompts that may be updated by …
May 2011: Requirement B15 does not specify any minimum attack potential. What requirements are placed on the physical security of a device that allows for display prompts to be updated by third parties using cryptographically based controls? A All prompts that may be used to request cleartext data entry from the cardholder must be secured against an attack potential of at least 18 PCI points with a minimum of 9 for exploitation. This includes prompts that may be updated by …
Modified
p. 38 → 36
• A secure channel is required between the PIN pad interface and the (ATM) controller to manage changes between PIN and plaintext data entry modes
• A secure channel is required between the PIN pad interface and the (ATM) controller to manage changes between PIN and cleartext data entry modes