All new PIN entry devices must obtain PCI approval

PCI approval has superseded PED approval. It is a joint effort between Visa, MasterCard and JCB.

Since October 1, 2005, all new PIN entry devices must obtain PCI approval; Visa PED approval is no longer accepted. Older Visa PED approved devices are accepted until their approval is obsolete.

As with Visa PED approval, PCI approval focuses on PIN security and related subjects.

Device classes

There are different approvals for online and offline devices. There are also different device classes, such as:

• POS pinpads (attended use)
• EPP pinpads without display (typically for ATMs)
• ATMs
• UPTs (unattended payment terminals)

Security levels for online devices

For the online devices, security levels differ depending on the cryptography used:

• DUKPT (Least demanding)
• MK/SK (More demanding)
• Fixed Key (Most demanding)

Read about the security requirements and approved devices here: PCI Security Standards