With just over a half a year left, retailers must think about what comes next. While they can keep using 3.0 terminals, soon they won’t be able to buy more, and support will eventually end. Hopefully Level 10’s handy Q&A on relationship advice will help retailers move on:
A: Yes, the only change is that manufacturers can’t sell them; you do not have to replace them all before April 2020. Payment terminal makers also have varied end date for support of the devices so the sun setting of 3.0 does have potential implications for security and fleet management and support. (Contact us for official EOS documentation from the industry's major payment terminal OEMs.)
A: Yes, as long as you purchased and took delivery of the devices before the expiration date. However, you should also check with your acquirer to see if they have any usage requirements. They may want you to start replacing 3.0 devices at some point.
A: It shouldn’t, as long as you are using a device that was compliant at the time of purchase. To date, the PCI Council has not issued any sort of remove-from-service requirement for 3.0 devices.
A: Every PCI release improves on security, so a 4.0-compliant device has more stringent security built in than a 3.0 device, and a 5.0-compliant device is even more secure. So someone seeking points of vulnerability in retailers’ defenses may be more likely to target one with the lesser amount of protection.
A: No, once a device is certified, it cannot be modified.
A: A 5.0 terminal has the latest security and will provide the longest lifespan; terminals that are 4.0-compliant are due to sunset in April 30, 2023. But retailers need to make their own decisions, such as whether they prefer a homogenous environment, or one that mixes 4.0 and 5.0 terminals.
A: Those retailers that prefer one device across the enterprise often do so to ease service and support; it can be more difficult to support a mixed environment.
Another consideration how long the payment terminal manufacturer will continue to offer support on older models. If a device isn’t selling well, or its components become hard to locate, they may end support sooner than the typical pattern of waiting two to three years past the sunset date.
A: The immediate need to is create a roadmap. Visa recommends these steps:
Retailers don’t have to make these decisions alone. In addition to selling payment terminals, Level 10 can provide advice as well as services to make it easy to swap out devices, such as configuration and installation. We also offer repair services and estate management to remotely support payment devices.
It’s hard to quit something that has worked well for so long. But a relationship with a payment terminal can never be long term. It’s time for retailers to get back out there and fall in love with new devices that offer the best combination of lifespan, compliance and security.
Level 10 is a PCI PIN 3.0 Certified QIR and ESO. Contact us to get started on your payment terminal refresh.