From 24 January to 24 February 2020, PCI SSC stakeholders can participate in a Request for Comments (RFC) on the PCI PTS Point of Interaction (POI) v6 Standard draft.
Background on the PCI PTS Point of Interaction (POI) v6 Standard
POI v6 reorganized the requirements into four modules:
- Evaluation Module 1: Physical and Logical
- Evaluation Module 2: POS Terminal Integration
- Evaluation Module 3: Communications and Interfaces
- Evaluation Module 4: Life Cycle Security
PCI PTS Point of Interaction (POI) v6 Standard draft introduces changes that includes limiting firmware approval time frames to three years to help ensure protections against vulnerabilities. It also requires support for Elliptic Curve Cryptography in support of EMV initiatives. Other significant changes are identified in the Summary of Requirements Changes document.
The PCI PTS POI v6 Standard draft RFC is open to Participating Organizations, PTS Vendors, PCI Recognized Labs, Qualified PIN Assessors and Qualified Security Assessors.
Not a Participating Organization (PO) but want to participate in PCI SSC RFCs? Learn about membership benefits and register to become a PO here.
The RFC will be available through the PCI SSC portal, including instructions on how to access the document and submit feedback. Primary contacts for each organization can access the PCI PTS Point of Interaction (POI) v6 Standard RFC via the Portal. Eligible RFC participants will be required to accept a Non-Disclosure Agreement (NDA) to download the document.
Per the RFC process, every piece of feedback will be reviewed and considered, and PCI SSC will prepare a summary for RFC participants showing all feedback received and how it was addressed. Please review the RFC Process Guide for more information.
Please note that PCI SSC can only accept comments that are received via the PCI SSC portal within the defined RFC period.