PCI Security Standards Council Extension of PCI PTS POI v3 Devices

PCI Security Standards Council Bulletin: Extension of Expiration of the Approval of PCI PTS POI v3 Devices, March 10, 2020.

Due to supply-chain disruptions related to the coronavirus, the PCI Council has extended the expiration date of PIN Transaction Security Point-of-Interaction (PTS POI) v3 devices from 30 April 2020 to 30 April 2021.

For those countries and entities not impacted by the coronavirus, we strongly encourage the deployment and use of next generation solutions such as devices approved to PTS POI v4 or v5 and migrating to POI v6 devices when the standard is released later this year.

On advisement from our industry stakeholders, the Council has determined the preventive controls to stop the spread of the coronavirus will impact previously planned rollouts of POI v3 devices. While recognizing that earlier versions of POI devices may be less robust in withstanding certain of the latest generations of attacks, we do not believe that this limited one-year extension of the approval expiry date for POI v3 devices will materially impact that risk.

The PCI SSC advises merchants, financial institutions, vendors and other users of PTS POI v3 devices, specifically v3 PEDs (PIN entry devices), non-PEDs, EPPs (encrypting PIN pads), UPTs (unattended payment terminal), and SCRs (Secure Card Readers) to contact their device vendors regarding the availability of more recently approved models to use as replacements and in new deployments. Effective 30 April 2021, the affected devices will be removed from the approved POI devices list on the PCI SSC website and listed separately here

Here are examples of credit card terminals with expiring PCI PTS 3.x April 30, 2021:

  • Vx525- Hardware #: M252-5xx-xx-xxx-3
  • Optimum M-5 (Verix)-


  • SCR-710, Mx760 SCR-


  • FD55- M252-1xx-x3-FD1-3
  • VX 690, VX 690B


  • Vx600 Bluetooth/ MPM-100


  • Vx825

OP: 2.x.x

  • Vx675 (VOS)


  • IWL220, IWL250- IWL2xx-01Txxxxx
  • IPP220, IPP280Hardware #: iPP2xx-01Txxxxx
  • ICT220, ICT250- Hardware #:iCT2xx-11Txxxxx
  • iCMP-

Hardware #: ICMxxx-01Txxxxx (Non CTLS) ICMxxx-11Txxxxx (CTLS)

  • Ingenico iSC 250 & TOUCH 250 Hardware #: iSC2xx-01Txxxxx


  • ISC Touch 480

Hardware #: ISC4xx-01Txxxxx (no CTLS)
ISC4xx-11Txxxxx (CTLS)


iPP310, iPP320, iPP350

FD130- Hardware #: T0PXXXXB1CXX4X

The Ingenico is a good example of varying PCI PTS within the same model. The Ingenico iSC TOUCH 250 PCI 4.0 Certified

For a complete list , click here https://www.pcisecuritystandards.org/assessors_and_solutions/pin_transaction_devices?agree=true PCI Security Standards Council (“PCI SSC”) LIST OF VALIDATED PRODUCTS AND SOLUTIONS

What happens if you continue using an expired terminal?

  • If there is a data breach, the cost of which typically exceeds $1 million, you’ll have no safe harbor because you used expired equipment.
  • Your acquirer could shut you down at any time. They know what type of equipment you have because when your account is established they create a communication connection (TID or terminal identification). It’s happened before. I picked up four new clients in one month that were all shut down by their processor for using outdated equipment and or software. There were left with no way to process at all and felt they should have been contacted to make a change before it happened.

Where can you buy a new terminal?

Buy one from Christine! Never buy a terminal on Ebay or any unknown source. Terminals should ship directly from an authorized entity that also does pin debit encryption. Never let a salesperson or any non-employee install your credit card terminal unless they are PCI Council QIR certified; Level 4 merchants are mandated to only use QIR individuals. The QIR designation belongs to individuals, not companies.

Disclaimer: This is not a comprehensive list and does not include add related data for individual products. Merchants should review current information at the PCI Council web site, pcisecuritystandards.org.

Call Christine Speedy, for all your merchant account, hardware and virtual terminal needs. 954-942-0483, 9-5 ET. Christine is Founder of 3D Merchant Services, PCI Council Qualfied Integrator Reseller (QIR), and is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Less than 1% of all merchant services sales representatives are QIR certified. Christine is an authorized independent sales agent for a variety of merchant services and payment technology solutions.

Verifone PCI 3 End of Life Terminals

Did you know terminals have their own Payment Card Industry or PCI certification? The standards are part of the overall merchant requirements to maintain the security of cardholder data. Those rules change over time and a bunch of Verifone equipment is expiring, including the popular Vx520 countertop terminal and Vx820 pinpad.

Last August, Verifone issued end of life notification on their PCI 3 range of payment devices in compliance with the PCI Security Standards Council PCI 3 expiration date of April 30, 2020. Often merchants will get notifications like this from their acquirer on their merchant statement.

Which Verifone terminals are impacted?

  • Vx520, VX510, VX570
  • Vx805 – M280-703-0X-XXX-X
  • Vx820 pin pad
  • Vx675, Vx680, Vx685, Optimum M5
  • Mx915 (PN 132-XX…), Mx925 (PN 132-XX…)
  • H5000
  • This list does not include all devices! Merchants should check with their providers especially if using a non-EMV device or if you were an early EMV chip adopter.
  • verifone vx510

What does End of Life mean?

  • Final date for new terminal sales (fall 2019)
  • End of Development- Improvements or changes have stopped
  • End of Support Date- Verifone will not issue software updates after April 2020, except that, until April 2023 they will continue to provide error corrections for Severity 1 (Critical) software errors, including security vulnerabilities.
  • End of Service Date- April 2023. Verifone will honor any extended support contracts to their term. Subject to component availability and other factors, Verifone will also continue to provide repair.

(PCI) PIN Transaction Security (PTS) v4 expires April 30, 2023. PCI PTS v5 expires April 30, 2026.

Are merchants PCI Compliant if they continue to use PCI 3 terminals after April 2020? The PCI Council urges but does not mandate merchants use approved PTS devices in their payment environments. However, in our experience, between payment brand and acquirer requirements, merchants generally need to use only approved PTS devices or risk getting shut down. Research expiration dates of terminals on the PCI Council web site. I’d be concerned about liability and the ability to prove PCI compliance, especially in the event of a data breach. Verifone will not issue software updates or provide development support after April 2020. If security vulnerabilities or exploits are identified by the processors after April 2020, and you’re using the terminals, who’s to say when or even if a solution could be found to fix it?

How disruptive would it be for your business to have to shut down using them and get another solution? There are always people who procrastinate making changes. And when something goes wrong, phone calls to processors explode, so change is usually not as swift as you’d like.

Note, only employees and PCI QIR certified individuals can install or touch your credit card terminals. Terminals are one of the most important factors determining rates you pay and chargeback risk. Why? Call now to learn more. This is the perfect time for an external account review by a payments expert.

TIP for Christine Speedy Verifone Mx915 customers: If you have a part number that starts with this “PN 132”, replace the terminal. If you were an early adopter and had your terminals deployed prior to the EMV chip liability shift in October 2015, there’s no need to check part numbers; They need to be replaced. Please contact me directly to consult on replacement options.

Call Christine Speedy , PCI QIR certified, for new PCI 5 terminals, technology review and or merchant account review to maximize profits and improve your customer experience. 954-942-0483, 9-5 ET

Verifone VX terminal reboot: urgent update

All Verifone VX terminals must be updated by June 25, 2019 or merchants risk problems where the terminal is stuck in a reboot and cannot accept credit cards. Verifone posted an advisory on their support web site June 3. Hopefully owners will be notified by their acquirers before they have hard failure. The VX series is very popular so it could be problematic if many thousands of VX terminal owners try and download the update at the same time.

Action is required for all customers using VX (all VX) or e-Series Devices (limited to e315, e315m and e355) on any version of CommServer prior to 544 or 5441 who have not downloaded the recovery utility. This action is for both customers who have successfully recovered their devices from a reboot loop, those who may be in a reboot loop, and those that did not experience issues at all on or around May 25, 2019. Read the entire alert on the Verifone support web page here.

The advisory impacts all Verifone VX terminals, so per my search, that would include the VX 520, VX 680, VX 805, and VX 670. Are you in need of a new or replacement terminal?

The Christine Speedy difference. Find out what terminal is best for your credit card processing situation. Call someone who knows the rules and can help you optimize for the lowest interchange rate qualification. Terminal choice matters! B2B expert. 954-942-0483, 9-5 ET.

Microsoft Dynamics AX ERP Verifone EMV Connector

Want to accept EMV chip cards with a Verifone MX 915 in your Microsoft Dynamics AX ERP? Ask me about best alternative to Payware for B2B and B2G sales. No Retail MPOS is needed. With our module you’ll be live in no time with all the protections you need to maximize profits, mitigating fraud risk and reducing merchant fees with your existing merchant account.

All transaction types are supported for all your sales channels, and you can accept payments via free text invoices, CRM and more.

The Christine Speedy difference. PCI compliance is important to mitigate data breach risk, but equally important is compliance with complicated card network rules. Have you read any of the 1,000+ pages of Visa Rules? Or 300+ Mastercard transaction processing rules? Have any of the people you rely on? I’ve spent countless hours educating myself on them and learning about the nuances that impact your profit and risk. Technology directly impacts compliance. It doesn’t matter how big or how old a company is; the reality is most players in the payments industry fall behind with every new rule that comes out, even though these rules are usually announced years in advance so that they can prepare. Call 954-942-0483, 9-5 ET for expert advice about all things payments for Microsoft Dynamics AX and D365.

Replacement for Ingenico iSC Touch 480 End of LifeTerminals

Ingenico announced end of life for the iSC Touch 480 PCI-PTS v3/4.x models in March 2019 with sales ending December 2019. The purpose of this notice is to advise that Ingenico US is announcing a withdrawal from marketing and sale of the PCI-PTS v3/4.x models of the iSC Touch 480, including ISC480-11P2541A, ISC480-11P2809A and their subsequent updates with the last letter changing to B etc.

The market is moving on to new improved models and PCI-PTS v5, including the Ingenico Lane 8000. If you’re using this type of terminal, you need something to drive them, since unlike desktop terminals, they are just slaves to a technology solution that prompts screens for customers. If you do not already have a solution, we have both integrated and non-integrated cloud-based solutions.

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in B2B and omnichannel technology. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions. Call Christine for payment gateway, cloud technology, merchant services and check processing needs.