PCI is the association that sets security standards and regulations for the Payment Card Industry and the PCI 3.x April 30th, 2021 deadline is approaching. In the upcoming months, businesses must consider if they will continue to purchase last time buys of PCI 3.x technology or upgrade to the newer, more secure 5.x technology.

Important Things to Know

  • Payment Card Industry Security Standards Council (PCI SCC): Formed as PCI began to evolve and improving payment account security became a significant concern.
  • PIN Transaction Security (PTS): Devices for the point-of-interaction for capturing payment card data and validating approval of its use for a transaction.
  • Payment Card Industry Data Security Standard (PCI DSS): A set of security standards created by the PCI SCC and designed to ensure that a company that accepts, processes, stores or transmits credit card information maintains a secure environment.

However, these certifications can expire.

Expirations

The following dates are when PCI compliance expires:

  • PCI 3.x– April 2021
  • PCI 4.x– April 2023
  • PCI 5.x– April 2026

If a business does not comply, they may face fines up to $100,000 per month until the compliance is met. Non-compliance may also result in the business’ acquiring bank increasing transaction fees or even terminating their relationship entirely.

Non-compliance can also affect consumer relationships. While consumers love the convenience of quick transactions, they also have the expectation that their information will be secure above anything else. If not, data breaches can cost millions of dollars in customer care and may result in consumers losing trust in a business and going elsewhere.

The Problem with Retaining Older Payment Terminals

While there are multiple reasons why companies fall victim to breaches there are two common reasons behind some of the largest breaches:

  • Older, more vulnerable technology
  • Lack of maintenance and support of data security software on the company’s network.

However, none of these are as costly as a data breach.

Vulnerable Technology

While businesses are able to continue purchasing and using 3.0 payment terminals without issue, every year newer PCI models modernize their security standards and better fortify their terminals against hackers attempting to steal consumer’s private information. Therefore, older models lack the valuable security improvements that newer terminals possess. Hackers seeking points of vulnerability in retailers’ defenses may be more likely to target older devices with older protections rather than newer devices, like the SREDKey 2, that have advanced data encryption abilities.

Currently, a PCI 5.0-certified device meets the highest security standards.

Maintaining Data Security

Maintaining compliance can be a costly long process. Many businesses forgo maintaining their systems to save themselves the money and hassle. Lack of maintenance allows hackers to invade merchant environments and access forgotten backdoors.

However, new technologies such as SRED in 5.x devices allow the merchant environment to be completely safe and tamper responsive until the purchase reaches the gateway and security is no longer the company’s responsibility to maintain. Readers such as the SREDKey II offer the protection certain businesses need when safeguarding their consumer’s data.

The Benefits of Subbing PCI 3.x with PCI 5.x

As previously mentioned, upgrading to PCI 5.x is beneficial because it safeguards businesses from the protection an older device may lack. The newer the compliance the more stringent the security is, and proper reader encryption can offer a solution to both issues of vulnerable technologies and older systems. ID TECH’s SREDKey II is a PCI 5.x, MOD keypad which encrypts the data it processes and safely delivers it outside of the merchant environment, giving the consumers and businesses an extra boost of protection from hackers.

ID TECH’s VP6800, a PCI 5.x reader with interactive 4.3” touchscreen, pin on glass, MSR, EMV, and NFC acceptance, is the ideal solution for kiosk and self-service environments due to its versatility with payments and advertising/marketing capabilities.  Whether you are looking for a PCI 5.x solution for vending, parking, ATMs, car wash or transit, the VP6800 delivers security and payment acceptance in a global solution.

Final Recommendations

While it is seemingly much more cost-effective to stay with 3.x devices, companies shouldn’t risk their security and should upgrade to newer devices to better protect their environments. Breaches can cost millions of dollars in the long run and can damage a consumer’s relationship with a merchant as well. We suggest upgrading to the latest compliance and creating the safest possible environment for both consumers and companies for the better.