Diff: FAQ #1166
Which PCI PTS point-of-interaction (POI) devices can be used in a validated P2PE solution?
Earlier Version
Later Version
Removed
Added
A Council-listedvalidated (as per the PCI P2PE Program Guide) P2PE solution must use a non-expired PCI-approved point-of-interaction (POI) device (POI),(v2 or higher), which has been evaluated and approved via the PCI PTS program with SRED (secure reading and exchange of data) listed as a ?function provided? and with SRED enabled and active.
ThePCIlist of PTS v3.0approved is the first version of the PTS Standard to include SRED. Devices assessed to PCI PTS 3.0 with SRED are eligible for use in a P2PE solution.
For PCI PED 2.0 devices, the PCI SSC announced at the 2011 Community Meeting that PCI PTS 2.0POI devices can be submittedfound here.
Please also refer to the PCIPTSP2PE testingstandard laboratoriesand associated resources found in our document library for SREDadditional approval. In support of the P2PE initiative, previously approved v2.0 devices have a twelve month window starting 1 January 2012 to undergo a delta evaluation against the SRED module, and if applicable, the Open Protocols module. As a delta evaluation, the v2.0 approved device may leverage requirements that it previously met in v2.0 where those requirements parallel SRED requirements. For example, the devices may utilize algorithms and key sizes allowed in v2.0 in lieu of those specified in SRED requirements. Similarly, v2.0 devices may utilize v2.0 attack potential calculations for SRED requirements previously addressed under v2.0.
PTS v2.0 devices ?upgraded? using encrypting card readers must meet not only SRED, but the applicable card reader requirements in the Core section (the same as is done for approving card readers under PTS POI v3.1). The expiration of v2.0 devices? approval will remain as April 2017.
A summary of the PTS versions and applicability is provided below:
PTS version
Eligible for SRED approval?
Can be used in P2PE Hardware/* solutions?
Expiry date of PTS approval
3.x or higher
Yes
Yes, if approved with SRED
April 2020
2.x
Yes, if delta evaluation of SRED, and any other applicable modules, has been completed
Yes, for devices that have been approved and listed with SRED and all other applicable PTS modules
April 2017
1.x
No
No
April 2014
Note: The term Hardware/* is used to indicate P2PE solutions that use a PCI-approved hardware-based encryption mechanism (PCI-approved POI using SRED). Hardware/* represents both Hardware/Hardware and Hardware/Hybrid types of P2PE solutions.information.
The
For PCI PED 2.0 devices, the PCI SSC announced at the 2011 Community Meeting that PCI PTS 2.0
Please also refer to the PCI
PTS v2.0 devices ?upgraded? using encrypting card readers must meet not only SRED, but the applicable card reader requirements in the Core section (the same as is done for approving card readers under PTS POI v3.1). The expiration of v2.0 devices? approval will remain as April 2017.
A summary of the PTS versions and applicability is provided below:
PTS version
Eligible for SRED approval?
Can be used in P2PE Hardware/* solutions?
Expiry date of PTS approval
3.x or higher
Yes
Yes, if approved with SRED
April 2020
2.x
Yes, if delta evaluation of SRED, and any other applicable modules, has been completed
Yes, for devices that have been approved and listed with SRED and all other applicable PTS modules
April 2017
1.x
No
No
April 2014
Note: The term Hardware/* is used to indicate P2PE solutions that use a PCI-approved hardware-based encryption mechanism (PCI-approved POI using SRED). Hardware/* represents both Hardware/Hardware and Hardware/Hybrid types of P2PE solutions.
Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.