To clarify the 2010 Debit Pin Entry Device standard merchants are expected to comply with by July 2010, not all merchants will need to change their pinpads. If you deployed a POS PED by December 31, 2007 AND it was on the 2004-2007 Visa PCI lab approved list, you have until December 31, 2014 to replace it.
If you do not meet that requirement, then you’ll need to replace your PED by July 1, 2010 with a unit that meets the new Triple Data Encryption Standard (TDES) standard. Look carefully. There are companies that will sell you units that do not comply with the new standard.
POS- Point Of Sale
PED – Pin Entry Device
POS PED- a device in a merchant location where the customer is present at the time of the transaction.
Pinpad – pin pad- another name for PED
Triple DES- Triple Data Encryption Standard
3DES – same as above
OVERVIEW OF THE 2010 PCI COMPLIANCE RULE FOR DEBIT PIN ENTRY DEVICES:
The new standard is to improve the security of customer debit cards. The technology has been widely implemented over a number of years in ATM’s and such, and merchant pinpads are the last piece to complete.
July 1, 2010 If your unit was deployed after 12/31/2007 and it does not have Triple DES encryption, then you need to replace it. Any unit deployed prior to 2004 needs to be replaced.
12/31/2014 If you deployed a POS PED by December 31, 2007 AND it was on the 2004-2007 Visa PCI lab approved list, then you must replace with a PCI SSC POS PED by this date.
When you deployed your PED is a matter of record with your current service provider. Where is a copy of the 2004-2007 Visa PCI lab approved list? https://partnernetwork.visa.com/vpn/global/category.do?userRegion=1&categoryId=19&documentId=33
HOW DO I VERIFY IF I HAVE A PCI COMPLIANT PED?
The PCI Data Security Standards Council has an updated list for all merchant providers. List of PCI compliant PEDs
WHICH NEW PIN ENTRY DEVICE DO YOU RECOMMEND?
First, make sure the unit has Triple Data Encryption Standard (TDES) certification. Just because someone is selling it, doesn’t mean it’s TDES. The PED must be matched to your terminal and the merchant services provider. You can’t just pick any unit and attach it. A hugely popular unit is the
because First Data is one of the largest payment processors in the country. Many merchant providers utilize the First Data system, therefore can use the unit. Additionally, it works with many different desktop terminals.
If you need to upgrade, now is the time to look at your entire system. Do you need a PED or would you be better off with a signature capture terminal that has an integrated PED? You can get a wireless, desktop or, or even a device that connects to a host based system like CenPOS that provides incredible benefits for organizations processing $1 million per month and up.Â Take a look at the Ingenico i6580, a top of the line unit.
In summary, I like units that have in integrated Debit PED over a separate device that attaches. Oh, and this is another area that you have to be very careful reading product description text. Some product technical descriptions say they accept debit cards but they are not referring to accepting pin debit transactions! As if merchants don’t have enough to get confused about.
All debit PED’s must be encrypted. This is done via a process called an injection. There are a limited number of facilities in the USA that can perform the injection. That means you should not wait until the last minute because a lot of other people will.
3D Merchant Services is an authorized reseller for current equipment ONLY for major brands including Verifone, Hypercom, and Ingenico. We also offer Nurit, Way and other brands. Because of our high volume, we have wholesale prices compared to others. We’re independent- you can use our credit card processing or not. We don’t give free equipment- you’ll get a better deal on your processing and your equipment if you keep the transactions separate. Equipment is never really free.