Frequently Asked Questions

< Back to search page

How do PCI PTS-approved POI device expiry dates affect a PCI-listed P2PE solution?

FAQ Response

PCI-listed P2PE solutions (and applicable P2PE components) are allowed to revalidate and reassess their existing PCI P2PE approval with expired PTS POI devices for up to, but not exceeding, 5 years past the PTS POI device expiry dates (as listed on the PCI Approved PTS Devices list) for the POI device types used in the solution.

POI devices used in a PCI-listed P2PE solution exceeding 5 years past their listed expiry date will no longer be considered valid.  A PCI-listed P2PE solution will be delisted if all of its associated POI device types have exceeded the 5 year window (as shown in the table below). In order to understand the impact of P2PE solutions that are using expired POI devices on PCI DSS compliance, please contact the individual payment brands (see How do I contact the payment card brands?).

Each PCI PTS-approved POI device is associated with an expiry date relative to the major version of the PCI PTS POI standard it was evaluated and approved against. Each PTS POI device approval listing indicates its expiry date. The Approved PTS Device list with associated expiry dates can be found here:

https://www.pcisecuritystandards.org/assessors_and_solutions/pin_transaction_devices


For quick reference, the following table provides the current POI device expiry dates and the corresponding revalidation/reassessment window for P2PE solutions using these devices:

PCI PTS POI version

PTS POI Expiry Date

P2PE Revalidation/Reassessment End-date
for Expired POI Devices*

1.x

EXPIRED 2014

N/A – v1.x devices are not P2PE eligible

2.x

EXPIRED APR 2017

29April2022

3.x

30April2020

29April2025

4.x

30April2023

29April2028

5.x 

 30April2026

29April2031 

* There may be regional variations – please check with the respective payment brands to determine any variances in the dates shown above.

Please note that P2PE solutions (and applicable P2PE components) undergoing an initial assessment must use non-expired (i.e., not exceeding the PTS POI expiry date), eligible PCI PTS POI devices. Please refer to the PCI P2PE Standard and Program Guide in our document library for further details.

July 2017
Article Number 1434