Frequently Asked Question
What are the expiry dates for PTS POI device approvals?
A high-level summary of expiry dates for each version of the PTS POI Security Requirements is provided below. Full details can be found in the PCI PTS Device Testing and Approval Program Guide, located in the Document Library.
Whether or not the purchase and use of devices is acceptable beyond their approval expiry date is determined by the individual payment brands. Entities should contact their acquirer or payment brand about the use of devices with expired approvals. Contact details for the payment brands can be found in FAQ #1142 How do I contact the payment card brands?.
PCI PTS POI Security Requirements | Expiry date of PTS Approval |
Version 5.x | April 2026 |
Version 4.x | April 2023 |
Version 3.x | April 2021* |
Version 2.x | Expired April 2017 |
Version 1.x | Expired April 2014 |
*Due to the impact of COVID-19, the PTS POI v3 expiry date has been extended from 30April2020 to 30April2021. For additional information refer to the PCI SSC POI v3 expiry extension post here
For more information about the use of PTS devices with expired approvals, refer to FAQ #1302 How does use of an expired PTS device affect my PCI DSS compliance? And FAQ #1434 How do PCI PTS-approved POI device expiry dates affect a PCI-listed P2PE solution?
Last updated: April 2020
Article Number: 1322
Related
-
What evidence is a TPSP expected to provide to customers to demonstrate PCI DSS compliance?
-
Does PCI SSC consider guidance from other standards organizations when making updates to PCI standards?
-
If an organization provides software or functionality that runs on a consumer's device (for example, smartphones, tablets, or laptops) and is used to accept payment account data, can the organization store card verification codes for those consumers?
Featured FAQ Articles
Featured
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?
-
Is the PCI DSS Attestation of Compliance intended to be shared?
-
How does an entity report the results of a PCI DSS assessment for new requirements that are noted in PCI DSS as best practices until a future date?
-
Where do I direct questions about complying with PCI standards?
-
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
Most Popular
-
What evidence is a TPSP expected to provide to customers to demonstrate PCI DSS compliance?
-
Does PCI SSC consider guidance from other standards organizations when making updates to PCI standards?
-
If an organization provides software or functionality that runs on a consumer's device (for example, smartphones, tablets, or laptops) and is used to accept payment account data, can the organization store card verification codes for those consumers?
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?
-
Can a compensating control be used for requirements with a periodic or defined frequency, where an entity did not perform the activity within the required timeframe?
Most Recently Updated
-
Are Mobile Payments on COTS (MPoC) solutions, Software-based PIN Entry on COTS (SPoC)™ solutions, or Contactless Payments on COTS (CPoC™) solutions eligible for a P2PE Solution approval?
-
How can an entity meet PCI DSS requirements for PAN masking and truncation if it has migrated to 8-digit BINs?
-
Can a compensating control be used for requirements with a periodic or defined frequency, where an entity did not perform the activity within the required timeframe?
-
How does encrypted cardholder data impact PCI DSS scope for third-party service providers?
-
Does PCI SSC provide a list of PCI DSS-compliant third-party service providers?