Frequently Asked Question
What is the difference between POI firmware and additional software that may be present on the POI device?
PTS devices inherently require firmware to function. "Firmware" as defined in the PTS standard is "... any code within the device that provides security protections needed to comply with (PTS) device security requirements or can impact compliance to these (PTS) security requirements. Firmware may be further segmented by code necessary to meet the PTS Core, OP (Open Protocols) or SRED (Secure Reading and Exchange of Data). Other code that exists within the device that does not provide security, and cannot impact security, is not considered firmware. Any software intended for use in a P2PE solution that does not meet the PTS definition of "firmware" must be assessed in accordance with the PCI P2PE standard and is subject to all applicable P2PE security requirements. Note that reassessing the PTS firmware as part of the P2PE assessment is not required nor allowed. See also FAQ entitled Are POI devices with only the PTS-approved firmware (i.e., no additional software) eligible for use in a PCI P2PE solution?.
September 2015
Article Number: 1338