Final reminder for upcoming EFTPOS hardware upgrade deadline
6 Sep 2024
From 1 October, any EFTPOS terminals running the PCI 3.x standard will no longer be compliant and will be subject to disconnection from Aotearoa New Zealand’s payment network.
Payments NZ clearing systems general manager Jamie Wood says the older terminals have been phased out as newer and more secure technology has come to market.
“We keep the risk of card fraud low by ensuring the EFTPOS payment network is operating to the latest security standards. This keeps New Zealanders and their data safe,” says Wood.
“The plan to phase out this older technology has been developed over a number of years and the vast majority of merchants have already upgraded their terminals.”
Wood says the Payments NZ Board had already offered an extra three-month extension ending 30 September to enable remaining merchants to replace their devices.
“A year ago, we still had around 50,000 of these older terminals still being used in shops, cafes and other businesses that take card payments,” says Wood.
“Although numbers have fallen significantly and continue to drop by the day, we still have several thousand merchants who need to take action now to ensure they can continue serving their customers from the start of next month.”
From 1 October, any remaining PCI 3.x terminals will be subject to disconnection from the payments network.
“It will likely take several days to obtain new hardware and get reconnected to the network. We really want to avoid that sort of disruption to businesses and their customers,” says Wood.
“Terminal vendors and resellers have been talking to merchants about the need to upgrade and so have the banks that provide merchant bank accounts. It’s really important merchants who have waited to take action do so now because time is running out.
“I would like to thank again all the merchants, terminal vendors and resellers for their efforts to upgrade EFTPOS terminals across the country helping to maintain the security standard of hardware used to process card transactions in Aotearoa.”
What are PCI 3.x devices?
3.x devices are EFTPOS terminals compliant with the 3.x standard issued by the international Payment Card Industry (PCI) Security Standards Council. The devices are made by a range of manufacturers and are distributed nationally by a range of vendors and re-sellers.
How does a merchant know what standard their device is?
Anyone who is unsure on whether they are using PCI 3.x devices should check with their hardware provider.
Why do 3.x devices need replacing?
Payments NZ sets device lifecycle dates based on our device lifecycle framework. This framework is in place to ensure sensitive card data continues to be protected from unauthorised use by making sure EFTPOS devices use secure technology.
Find out more about our device lifecycle framework here.
How does Payments NZ set the device lifecycle dates?
In Aotearoa, we adhere to international standards as prescribed by the Payment Card Industry (PCI) Security Standards Council. These standards define security requirements using a risk-reduction methodology which is not intended to eliminate the possibility of fraud, but to reduce the likelihood of it happening and lessen its impact.
What should merchants do if they are still using a 3.x terminal or are unsure?
Anyone still using a 3.x terminal or who is unsure should get in touch with their hardware provider. They need to do this now rather than wait until a disconnection occurs.