Payments NZ is reminding merchants to check the age of their EFTPOS terminals as an important deadline for upgrading older models approaches.
Any devices running on the PCI 3.x standard will no longer be compliant after 30 June 2024, leading to their disconnection from New Zealand’s payment network.
Payments NZ chief executive Steve Wiggins says hardware is phased out as more modern and secure technology becomes available.
“The payments industry works hard to ensure New Zealanders’ sensitive card data is protected from financial crime,” says Mr Wiggins.
Mr Wiggins says ensuring EFTPOS devices are operating with the latest standards helps keep the risk of card fraud low.
“It’s encouraging to hear from banks and terminal vendors who have been directly communicating the changes to merchants that the vast majority have replaced the older devices already,” says Mr Wiggins.
“However, there may still be some merchants that are yet to make these important upgrades.
“There are just over two months to go until the older 3.x models become redundant. From the end of June, this hardware will be switched off and unable to be used to process transactions.
“We strongly advise any merchants still using 3.x terminals, or who are unsure, to speak with their terminal provider as soon as possible.”
Mr Wiggins says the sunset date has been extended twice due to equipment supply chain challenges that arose because of Covid-19.
“I’d like to acknowledge merchants that proactively upgraded their devices with a view to meeting the earlier dates.
“The hardware used to process card transactions in New Zealand is very secure thanks to the device lifecycles we have in place, and we’re thankful to all organisations that play a part in maintaining that high standard.”
Frequently asked questions
What are PCI 3.x devices?
3.x devices are EFTPOS terminals using hardware compliant with the 3.x standard issued by the international Payment Card Industry (PCI) Security Standards Council. The devices are made by a range of manufacturers and are distributed nationally by a range of sellers and re-sellers.
How does a merchant know what standard their device is?
Anyone who is unsure on whether they are using PCI 3.x devices should check with their hardware provider.
Why do 3.x devices need replacing?
Payments NZ sets device lifecycle dates based on our device lifecycle framework. This framework is in place to ensure sensitive card data continues to be protected from unauthorised use by making sure EFTPOS devices use secure technology.
How do we set the device lifecycle dates?
In Aotearoa New Zealand, we adhere to international standards as prescribed by the Payment Card Industry (PCI) Security Standards Council. These standards define security requirements using a risk-reduction methodology which is not intended to eliminate the possibility of fraud, but to reduce the likelihood of it happening and lessen its impact.
What should merchants do if they are still using a 3.x terminal or are unsure?
Anyone still using a 3.x terminal or who is unsure should get in touch with their hardware provider . They need to do this now rather than wait until the sunset date gets closer.
For more information about Payment NZ’s device lifecycle framework, visit this website.