Ingenico announced end of life for the ISC 250 with PCI PTS v3 and v4 in March of 2019. This has not stopped companies from selling them, however, due to the PCI PTS expiration in April 2021, merchants who use them would not be able to prove PCI compliance in the event of a data breach.
Did you know terminals have their own Payment Card Industry or PCI certification? The standards are part of the overall merchant requirements to maintain the security of cardholder data. Those rules change over time and a bunch of Ingenico equipment recently expired, including the popular ISC250 lane terminal.
Ingenico issued end of life notifications on their PCI PTS 3 range of payment devices in compliance with the PCI Security Standards Council PCI 3 expiration date of April 30, 2020, which was extended to April 30, 2021 due to Covid. Often merchants will get notifications like this from their acquirer on their merchant statement.
Which Ingenico terminals are impacted?
- iSC Touch 480 PCI-PTS v3/4 model
- iSC Touch 250 PCI-PTS v3/4 model
- iPP320 PCI-PTS v4
- iPP350 PCI-PTS v4
- This list does not include all devices! Merchants should check with their providers especially if using a non-EMV device or if you were an early EMV chip adopter.
What does End of Life mean?
(PCI) PIN Transaction Security (PTS) v3 expires April 30, 2021.
(PCI) PIN Transaction Security (PTS) v4 expires April 30, 2023.
PCI PTS v5 expires April 30, 2026.
Are merchants PCI Compliant if they continue to use PCI 3 terminals after April 2021? The PCI Council urges but does not mandate merchants use approved PTS devices in their payment environments. However, in our experience, between payment brand and acquirer requirements, merchants generally need to use only approved PTS devices or risk getting shut down. Research expiration dates of terminals on the PCI Council web site. I’d be concerned about liability and the ability to prove PCI compliance, especially in the event of a data breach. If security vulnerabilities or exploits are identified by processors after April 2021, and you’re using the terminals, who’s to say when or even if a solution could be found to fix it?
How disruptive would it be for your business to have to shut down using them and get another solution? There are always people who procrastinate making changes. And when something goes wrong, phone calls to processors explode, so change is usually not as swift as you’d like.
Note, only employees and PCI QIR certified individuals can install or touch your credit card terminals. Terminals are one of the most important factors determining rates you pay and chargeback risk. Why? Call now to learn more. This is the perfect time for an external account review by a payments expert.
TIP for Christine Speedy Ingenico ISC250 customers: If you were an early adopter and had your terminals deployed prior to the EMV chip liability shift in October 2015, there’s no need to check part numbers; They need to be replaced. Please contact me directly to consult on replacement options.
Call Christine Speedy , PCI QIR certified, for new PCI 5 terminals, technology review and or merchant account review to maximize profits and improve your customer experience. 954-942-0483, 9-5 ET