PTS Point of Interaction (POI)

pin-poi

PIN Transaction Security (PTS) Point of Interaction (POI) Standard

The PIN Transaction Security (PTS) Point of Interaction (POI) Standard offers security requirements for the characteristics and management of devices used to protect cardholder PINs (personal identification numbers), account data, and other sensitive payment card data at the point of interaction. POI devices are used by merchants, financial institutions, and other payment industry participants at the point-of-interaction to capture payment card data during payment card transactions.

This standard supports the following device categories: PIN Entry Devices (PEDs), Unattended Payment Terminals (UPT); Non-PIN acceptance devices (Non-PEDs) evaluated for account data protection; Encrypting PIN pads (EPPs) that require integration into other devices such as ATMs; and secure components for POS terminals such as Secure Card Readers (SCRs). Additionally, Secure Card Reader- PINs (SCRPs), which are encrypting card readers that are intended for use with commercial-off-the-shelf (COTS) devices, such as a mobile phone or tablet.

Important Information

Photo.png

Intended Audience

Vendors that design and manufacture various devices used in payment card transactions, which typically include attended and unattended POS (point-of-sale) devices and ATMs.

Photo-1.png

PTS POI Documents

Find all of the related documents in the PCI SSC Document Library.

Photo-2.png

Listings & Professionals

The PCI SSC encourages merchants and their acquirers to use the PCI SSC listing in selecting PCI-Approved PTS POI Devices for their payment environments. 

Independent PCI-Recognized Laboratories evaluate PTS POI devices against PTS POI security requirements. PCI SSC reviews evaluation reports, approves PTS POI devices, and provides a listing of approved devices.

Resources

Training Information

The Payment Card Industry Professional is an individual, entry-level certification in payment security information and provides you with the understanding to help your organization build a secure payment environment. Becoming a PCIP demonstrates a level of understanding that can provide a strong foundation for a career in the payments security industry.

Compliance programs for all PCI SSC standards are managed by the payment brands. Questions about which entities need to validate compliance to any PCI SSC standard, or whether use of a PCI-listed product is required and for which entities, should be referred to the payment brands. Contact information for the payment brands is in FAQ #1142.