Frequently Asked Questions

< Back to search page

How does use of an expired PTS device affect my PCI DSS compliance?

FAQ Response

While PCI DSS does not require that current PTS-approved devices be used, some payment brands have their own requirements for using PTS-approved devices, including whether expired PTS devices may be purchased or used beyond the expiry date.  The impact of using expired PTS devices should be discussed with the merchant’s acquirer or the payment brand. 

When implementing a new payment device, merchants are encouraged to review the PCI PTS listing to determine whether the device is approved to PTS and when the approval expires. Click here to see list of PTS-approved devices and their expiry dates.

Payment devices approved to version 1.0 of the PTS POI Standard expired 30 April 2014. This expiration indicates devices may not be able to withstand the latest generations of attacks. Entities using v1.0 devices should contact their acquirer or payment brand. Contact details for the payment brands can be found in FAQ #1142.

August 2014
Article Number 1302