PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.
View Original →
FAQ #1434 Published

How do PCI PTS-approved POI device expiry dates affect a PCI-listed P2PE solution?

PCI-listed P2PE solutions (and applicable P2PE components) are allowed to revalidate and reassess their existing PCI P2PE approval with expired PTS POI devices for up to, but not exceeding, 5 years past the PTS POI device expiry dates (as listed on the PCI Approved PTS Devices list) for the POI device types used in the solution.

POI devices used in a PCI-listed P2PE solution exceeding 5 years past their listed expiry date will no longer be considered valid. A PCI-listed P2PE solution will be delisted if all of its associated POI device types have exceeded the 5 year window (as shown in the table below). In order to understand the impact of P2PE solutions that are using expired POI devices on PCI DSS compliance, please contact the individual payment brands (see How do I contact the payment card brands?).

Each PCI PTS-approved POI device is associated with an expiry date relative to the major version of the PCI PTS POI standard itwas evaluated and approved against. Each PTS POI device approval listing indicates its expiry date. The Approved PTS Device list with associated expiry dates can be found here:

https://www.pcisecuritystandards.org/assessors_and_solutions/pin_transaction_devices

For quick reference, the following table provides the current POI device expiry dates and the corresponding revalidation/reassessment window for P2PE solutions using these devices:

PCI PTS POI version

PTS POI Expiry Date

P2PE Revalidation/Reassessment End-date
for Expired POI Devices*

1.x

EXPIRED 2014

N/A ? v1.x devices are not P2PE eligible

2.x

EXPIRED APR 2017

29April2022

3.x

30April2020

29April2025

4.x

30April2023

29April2028

5.x

30April2026

29April2031

* There may be regional variations ? please check with the respective payment brands to determine any variances in the dates shown above.

Please note that P2PE solutions (and applicable P2PE components) undergoing an initial assessment must use non-expired (i.e., not exceeding the PTS POI expiry date), eligible PCI PTS POI devices. Please refer to the PCI P2PE Standard and Program Guide in our document library for further details.

View original on PCI SSC website View all versions Back to recent changes

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.