• Skip to primary navigation
  • Skip to main content
Cardspot

Cardspot

  • Home
  • About Us
  • Services
    • Brand Certification
    • Brand Consultancy
    • Observing Mandates
    • Issuer Consultancy
    • Acquirer Consultancy
    • Key Management
  • Blog
  • Contact Us
  • English
    • Hungarian

Ohhh. My terminal’s PCI certification expires. What to do now?

Gábor Gazsó · 2021.03.01.


In April 2021, all PCI PTS v3.x terminal certificate expires. What should you do in such a situation?

PCI

First, let’s see where is PCI‘s position in an EMV environment. An EMV card is equipped with a microcontroller. Such a device contains cryptographic keys and generates cryptograms to reduce the possibility of fraud. Anyhow, the cardholder’s data is transferred from the terminal to the card issuer, and sensitive information is among these cardholder data.

PCI specifies how the terminal and other parties of the transaction should handle these sensitive data. PCI PTS POI has been created to specify how the payment terminals should handle the PIN. PCI stands for Payment Card Industry; PTS stands for PIN Transaction Security; POI stands for Point Of Interaction.

So, PCI has set up several controls that ensure secure processing of the cardholder’s PIN. Version 3 of these requirements were published in 2010, and the final version, 3.1, was published in 2011.

The requirement

PCI specifications tell the vendors how they should protect the cardholder’s sensitive data. Practically, there is nothing the acquirers should know about these requirements. Terminals are evaluated according to a specific version of PCI PTS POI. On the other hand, card schemes may require their members to use a terminal certified to a particular version or higher. The acquirer should ensure that the terminals in production are compliant with those versions.

So PCI doesn’t say that you have to remove your terminals from production immediately. Terminals compliant with version 3.1 at the time of their certification are still compliant with version 3.1. What happens is only that version 3.1 is too old and should not be used anymore. Nevertheless, PCI doesn’t force the payment provider to discontinue the usage of the expired terminals. The card brands set up the requirements. You have to carefully read their mandates and procedures to see how to proceed or contact us to use our mandate observer service.

About Gábor Gazsó

The author has more than 20 years of experience with bank card systems and smart card technology by working for issuers, acquirers and service providers.

Let us help you and get in touch with us. Contact Us

Copyright © 2023 · Cardspot Kft.

We collect cookies. Why? Accept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT