- Club Type
With just over 6 months left, operators must think about what comes next as their PCI 3.0-compliance payment terminals go end of life. Verifone have been mandated by Visa that any PTS Level 3 peds are to be phased out and replaced by PTS Level 5 peds.
We have all loved the PCI 3.0-compliance payment terminals. In fact, even as 4.0 and then 5.0 models appeared, we've continued to buy and enjoy our 3.0 devices.
But time has come for that 'gulp' breakup talk, because there’s some sad news: As of April, 30, 2020, manufacturers are no longer permitted to sell terminals that comply with PCI PTS POI v3.X.
Gladstone will replace the old PTS Level 3 units with new level 5 compliant units in future orders.
Verifone will not issue software updates or provide development support after April 2020, except that, until April 2023:
Q: Are we allowed to keep using our PCI PCT 3.0-compliant payment terminals?
A: Yes, the only change is that manufacturers can’t sell them; you do not have to replace them all before April 2020. Payment terminal makers also have varied end date for support of the devices so the sun setting of 3.0 does have potential implications for security and support.
Q: What about 3.0 terminals we may have in storage, can we use those?
A: Yes, as long as you purchased and took delivery of the devices before the expiration date. However, you should also check with your acquirer to see if they have any usage requirements. They may want you to start replacing 3.0 devices at some point
Q: Does continuing to use 3.0 payment terminals mean we will have PCI compliance issues?
A: It shouldn’t, as long as you are using a device that was compliant at the time of purchase. To date, the PCI Council has not issued any sort of remove-from-service requirement for 3.0 devices.
Q: Are PCI 3.0-compliant devices secure?
A: Every PCI release improves on security, so a 4.0-compliant device has more stringent security built in than a 3.0 device, and a 5.0-compliant device is even more secure. So someone seeking points of vulnerability in retailers’ defences may be more likely to target one with the lesser amount of protection.
Q: Can we upgrade our 3.0 devices to 4.0 or 5.0 in the field?
A: No, once a device is certified, it cannot be modified.
Q: Should we start buying 4.0- or 5.0-compliant terminals?
A: A 5.0 terminal has the latest security and will provide the longest lifespan; terminals that are 4.0-compliant are due to sunset in April 30, 2023. Operators need to make their own decisions, with working with their suppliers and partners.
Q: What about Peds in Kiosks?
A: At this time Gladstone is reviewing options regarding Peds in Kiosks, more information will follow in due course.
Q: What should we do now?
A: The immediate need to is create a roadmap. Visa recommends these steps: