PCI and PAX…what a Merchant, ISO, or Agent Needs to Know

If you’ve been fielding questions and concerns about the recent PCI and PAX communications take a moment to read the below information for additional clarification. We understand how important clear communication is and we hope by providing more insight we can help you ease any uncertainty that comes your way.

On August 31, 2022, PAX distributed an email stating that the PCI-PTS 4.x certifications for the S300, SP20, SP30, and S80 were going to expire on April 30, 2023. As we have received some feedback from other team members, partners, and some merchants who were concerned, and rightfully so. We want to make it clear that the language PAX used was misleading.

To provide some background: PCI-PTS is an acronym for Payment Card Industry – PIN Transaction Security which is in place by the card brands as a security measure used in the protection of cardholder PINs and other payment-processing related activities. Although “PCI” is in the name of the certification, this is not directly related to the PCI Compliance process, which most of the concern stemmed from.

PAX has since then clarified that PAX will no longer ship PCI-PTS 4.x devices after April 30, 2023, and that these PCI-PTS 4.x devices may be distributed to merchants after this date as well. Most card brands have announced that the PCI-PTS 3.x will be sunset by 2030. PAX is confident (as are we) that the PCI-PTS 4.x certification will be able to be functional well beyond the sunset date of PCI-PTS 3.x.