ATM Keypad Encryption PCI Compliance Updates – Upgrades Due by January 1, 2025
PCI Compliance: Best Practices for Enhanced Security
Digital transactions have undoubtedly transformed how we interact with our finances. ATMs play a vital role in facilitating these transactions, offering convenience and accessibility to users worldwide. However, with the increasing prevalence of cyber threats, ATM providers and financial institutions must prioritize security measures.
This article will explore the upcoming mandatory ATM keyboard PCI compliance that will take effect on January 1, 2025.
Understanding PCI Compliance:
The Payment Card Industry Security Standards Council (PCI) is the unified governing body of ATM networks. They are a self-policing group that comes up with the rules that ATMs, credit card terminals, and processors must abide by in the United States.
What is the ATM Keyboard PCI Compliance?
Intending to keep ATM processors and users safe, the PCI Security Standards Council (PCI SSC) has released new mandates for ATM PIN pads and data encryption. The latest update states that by December 31, 2024, all terminals that have the potential to be upgraded to the latest version of encrypting pin pad (EPP) must undergo the necessary upgrades. Any and all terminals that are not eligible for upgrades will need to be replaced entirely.
Starting January 1, 2025, operational ATMs must have up-to-date firmware and software utilizing the TR31 Phase 3 key blocks. These key block encryption measures have been implemented to enhance the security of PINs and data transmitted through ATMs and payment network infrastructure. The strengthened security measures aim to safeguard the cryptographic integrity of payment data, making it significantly more challenging for hackers to exploit vulnerabilities.
After the specified deadline, machines not equipped with the latest pin pads and key blocks will no longer receive support from host processors. Consequently, the networks will not accept any attempted transactions on these ATMs, rendering the machines non-operational. In other words, your ATM will be turned off if you do not have the updated firmware or keypads to support this new compliance standard.
What does this mean for current and future IADs (Independent ATM Deployers)?
For current IADs, we strongly advise upgrading your ATMs as soon as possible in the upcoming months and not waiting until the end of 2024. We see this happen anytime there are mandatory updates and parts become scarce and more expensive, field technicians get busier, and you may miss the deadline and have your ATM shut off until you complete the update. If you have a Hyosung, Genmega, Hantle, or Triton ATM and want to can if your ATM model has an upgrade available, you can download this compliance and upgrade paths pdf.
If you are just starting in the ATM business and considering a used machine, be mindful of this new requirement. For example, if you see a good deal on a used Hyosung 1800CE, looking at the above compliance PDF, you can see the Hyosung 1800CE ATM will need to be replaced by 2025 ss the ATM core is WinCE5.0 and is not PCI compliant and can’t be upgraded.
If you wait too long to upgrade, there will be price increases and delays in equipment after October 2024. Schedule your updates by the summer of 2024 so you can be sure of availability. All the PDF ATMs showing “Replace ATM” are boat anchors in 2025.
All the Hyosung ATMs in this compliant Hyosung ATMs PDF show which ATMs will need to be replaced, so don’t buy any used or refurbished Hyosung ATMs listed in this document where it says “Replace ATM?” = Yes!
So, this is a huge warning to all retailers and IADs, be careful who you buy ATMs from and what they did to refurbish them if anything. Used machines have to be cleaned, and tested, have parts replaced, have software reset to factory defaults, include keys and passwords, and be PCI compliant so they can be properly programmed for installation and use after 2025.
Although January 1, 2025 feels like it’s way out in the future, please do not delay updating your ATM. Our CEO has been in the ATM business for over 30 years and our parent company Intelligent e-Commerce, Inc. has been around for almost as long.
We have seen our fair share of ATM security updates including Triple Des & EMV as well as other changes including new ADA guidelines and software sunsets like Windows XP and so on.
We know from decades of experience that updating ATMs early can save you money, time, and headaches as people wait, parts and services become scares and wait times grow longer. If you wait until the middle or end of 2024 or you hope that an extension will be forthcoming, our experience has proven the upgrade kits will be more expensive. It will also mean technicians will be swamped and you may not get your ATM upgraded before the deadline and it would be turned off.
We can not stress how important this update is. Please check the links above and see if your ATM requires an update. If it does, we urge you to call us soon.
If you want to make sure the machine you are buying is PCI compliant, please check out our line of brand-new future-proof ATM Machines.