Frequently Asked Questions

< Back to search page

How does use of an expired PTS device affect my PCI DSS compliance?

FAQ Response

While PCI DSS does not require that PCI PTS-approved devices be used, some payment brands have their own requirements for using PTS-approved devices, including whether PTS devices with expired approvals may be purchased or used beyond the expiry date. The impact of using expired PTS devices should be discussed with the merchant’s acquirer or the payment brand.

When implementing a new payment device, merchants are encouraged to review the PCI PTS listing to determine whether the device is approved to PTS and when the approval expires. Click here to see list of PTS-approved devices and their expiry dates. Note that devices with expired approvals may not be able to withstand the latest generations of attacks. Entities using expired devices should contact their acquirer or payment brand. Contact details for the payment brands can be found in FAQ #1142.

March 2020
Article Number 1302