Ingenico Desk 3500 User manual

Payment Card Industry (PCI)

SecureConnect

Point-to-Point Encryption

Instruction Manual (PIM)

Version 2.0

January 2021

Contents

P2PE Solution Information and Solution Provider Contact Details 5

1.1 P2PE Solution Information 5

1.2 Solution Provider Contact Information 5

Approved POI Devices, Applications/Software, and the Merchant Inventory 5

2.1 POI Device Details 5

2.2 POI Software/application Details 7

2.3 POI Inventory & Monitoring 8

POI Device Installation Instructions 10

3.1 Installation and connection instructions 10

3.2 Guidance for selecting appropriate locations for deployed devices 14

3.3 Guidance for physically securing deployed devices to prevent unauthorized removal or substitution 16

POI Device Transit 18

4.1 Instructions for securing POI devices intended for, and during, transit 18

4.2 Instructions for ensuring POI devices originate from, and are only shipped to, trusted sites/locations 20

POI Device Tamper Monitoring and Skimming Prevention 21

5.1 Instructions for physically inspecting POI devices and preventing skimming, including instructions and

contact details for reporting any suspicious activity 21

5.2 Instructions for responding to evidence of POI device tampering 23

5.3 Instructions for confirming device and packaging were not tampered with, and for establishing secure,

confirmed communications with the solution provider 24

5.4 Instructions to confirm the business need for, and identities of, any third-party personnel claiming to be

support or repair personnel, prior to granting those personnel access to POI devices 25

Device Encryption Issues 25

6.1 Instructions for responding to POI device encryption failures 25

6.2 Instructions for formally requesting of the P2PE solution provider that P2PE encryption of account data

be stopped 26

POI Device Troubleshooting 26

7.1 Instructions for troubleshooting a POI device 26

Additional Solution Provider Information 27

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

1. P2PE Solution Information and Solution Provider Contact Details

1.1 P2PE Solution Information

Solution name:

SecureConnect Point-to-Point Encryption (P2PE) Solution

Solution reference number per PCI SSC

website:

2021-01337.001

1.2 Solution Provider Contact Information

Company name:

Electronic Payment Exchange (EPX)

Company address:

250 Stephenson Hwy

Troy, MI 48083

Company URL:

www.epx.com

Contact name:

Customer Care Support

Contact phone number:

866-485-8999

Contact e-mail address:

[email protected]

P2PE and PCI DSS

Merchants using this P2PE Solution may be required to validate PCI DSS compliance and should be

aware of their applicable PCI DSS requirements. Merchants should contact their acquirer or payment

brands to determine their PCI DSS validation requirements.

2. Approved POI Devices, Applications/Software, and the Merchant Inventory

2.1 POI Device Details

The following information lists the details of the PCI-approved POI devices approved for use in this P2PE

solution.

Note all POI device information can be verified by visiting:

https://www.pcisecuritystandards.org/approved_companies_providers/approved_pin_transaction_security.php

POI device vendor:

Ingenico

POI device model name and number:

IPP315

Hardware version #(s):

IPP315-31T3685A

Firmware version #(s):

M1: 820180v01.02

PCI PTS Approval #(s):

4-30176

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

POI device vendor:

Ingenico

POI device model name and number:

Desk 3500

Hardware version #(s):

DES35BB

Firmware version #(s):

M1: 820547v01.04

M3: 820548v02.05

M4: 820556v01.01

PCI PTS Approval #(s):

4-20283

POI device vendor:

Ingenico

POI device model name and number:

Desk 5000

Hardware version #(s):

DES50BA

Firmware version #(s):

M1: 820547v01.04

M3: 820548v02.05

M4: 820556v01.01

PCI PTS Approval #(s):

4-20281

POI device vendor:

Ingenico

POI device model name and number:

Lane 3000

Hardware version #(s):

LAN30AA

Firmware version #(s):

M1: 820547v01.04

M3: 820548v02.05

M4: 820556v01.01

PCI PTS Approval #(s):

4-30310

POI device vendor:

Ingenico

POI device model name and number:

Lane 5000

Hardware version #(s):

LAN51BA

Firmware version #(s):

M1: 820547v01.04

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

M3: 820548v02.05

M4: 820556v01.01

PCI PTS Approval #(s):

4-20303

POI device vendor:

Ingenico

POI device model name and number:

Move 5000

Hardware version #(s):

MOV50BB

Firmware version #(s):

M1: 820547v01.04

M3: 820548v02.05

M4: 820556v01.01

PCI PTS Approval #(s):

4-20282

2.2 POI Software/application Details

The following information lists the details of all software/applications (both P2PE applications and P2PE

non-payment software) on POI devices used in this P2PE solution.

Note that all applications with access to clear-text account data must be reviewed according to Domain 2

and are included in the P2PE solution listing. These applications may also be optionally included in the

PCI P2PE list of Validated P2PE Applications list at vendor or solution provider discretion.

Application

vendor,

name and

version #

POI

device

vendor

POI device

model name(s)

and number

POI Device Hardware &

Firmware Version #

application

PCI listed?

(Y/N)

Does

application

have access

to clear-text

account

data (Y/N)

EPX,

EPXPay

A2.2.1.**.**

Ingenico

Desk 3500,

Desk 5000,

Lane 3000,

Lane 5000,

Move 5000

Desk 3500:

Hardware:

DES35BB

Firmware:

820556v01.01

Desk 5000:

Hardware:

DES50BA

Firmware:

820556v01.01

Lane 3000:

Hardware:

LAN30AA

(2021-013

37.003)

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

Firmware:

820556v01.01

Lane 5000:

Hardware:

LAN51BA

Firmware:

820556v01.01

Move 5000:

Hardware:

MOV50BB

Firmware:

820556v01.01

2.3 POI Inventory & Monitoring

▪All POI devices must be documented via inventory control and monitoring procedures, including

device status (deployed, awaiting deployment, undergoing repair or otherwise not in use, or in

transit).

▪This inventory must be performed annually, at a minimum.

▪Any variances in inventory, including missing or substituted POI devices, must be reported to EPX

via the contact information in Section 1.2 above.

▪Sample inventory table below is for illustrative purposes only. The actual inventory should be

captured and maintained by the merchant in an external document.

The merchant must maintain a Merchant Inventory Log of the inventory and inspection results for all POI

devices that are included in the EPX P2PE Solution. The merchant should designate specific trusted

custodians who are solely granted access to the log and are responsible for updating and maintaining it. The

inventory of POI devices included in the EPX P2PE Solution must be reviewed and updated under the

following conditions:

● Annually.

● Upon sending or receiving any such devices.

● When any items required in the Merchant Inventory Log associated with such devices are changed.

Any variances in inventory, including missing or substituted devices, may indicate that a security compromise

has occurred. This must be reported to EPX using the contact information in Section 1.2 of this document. The

Sample Inventory Table template following this section provides an example of the format that may be used to

track POI device inventory. The actual Merchant Inventory Log must be maintained by the merchant in an

external digital or physical document. The log must be secured under locked storage when not under the

control of the merchant’s trusted custodians. If the log exists as a digital file, it must be password protected

with a strong password or it must be encrypted to prevent unauthorized access.

The Merchant Inventory Log must contain at least the following information:

●Inventory Inspection date: This is the date that the inventory was reviewed and the Merchant

Inventory Log was updated.

●POI device manufacturer and vendor name: This is the name of the company that manufactured

the device and the name of the company from which the device was purchased.

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

●POI device model name and number: This is located on a sticker affixed to the device or is printed

directly on the device itself.

●POI device location: This is the name and address of the merchant facility where the device is

currently located.

●POI device status: This is one of the following statuses:

○ Deployed: The POI device is actively being used by the merchant.

○ In storage: The merchant has received the POI device and has placed it into secure storage.

Maintain a separate Storage Access Log to document every time the secure storage area is

accessed. See “Securing POI devices in storage” in Section 3.3 of this document for

additional information.

○ In transit: The POI device is being shipped either to another merchant location, EPX, or the

trusted device vendor.

○ Undergoing repair: The merchant has sent the POI device to EPX or the device vendor for

repair, and has received confirmation that it was securely delivered.

○ Terminated: The merchant sent the POI device to EPX or the device vendor to be returned,

and received confirmation that it was securely delivered. Devices with this status will no

longer be used by the merchant.

●Serial number of POI device: This is the unique number printed on a sticker affixed to the POI

device.

●Serial number of tamper-evident bag (if available): This is the unique number printed on a sticker

affixed to the security bag enclosing the individual POI device.

●POI device condition: This is a description of the condition of the device, whether active or inactive,

and must include the following information:

○ An assessment of the device’s condition according to the guidance in Section 5.1 of this

document.

○ An evaluation of whether the device is secure according to the guidance in Sections 4.2, 5.1,

and 5.2 of this document. Use one of the following conditions:

■ Tampered: The POI device appears to have been tampered with and must not be

used.

■ Untampered: The POI device is securely in-tact and may be used.

■ Untrusted: The POI device cannot be verified as having arrived from a trusted source

or its serial number does not match the expected value. The device must not be used

until it can be verified. The trusted equipment provider will conduct an investigation

for any device with an “Untrusted” condition.

●Device weight: Optionally, record the device weight. Refer to Section 5.1 of this document for

instructions on weighing the device.

If you detect anything suspicious, immediately remove the POI device from service and follow the guidance in

Section 5.2 of this document.

Sample Inventory Table

Device

vendor

Device model

name(s) and

number:

Device

Location

Device

Status

Serial Number or

other

Unique

Identifier

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

3. POI Device Installation Instructions

Do not connect non-approved cardholder data capture devices.

The P2PE solution is approved to include specific PCI-approved POI devices. Only these devices denoted

above in table 2.1 are allowed for cardholder data capture.

If a merchant’s PCI-approved POI device is connected to a data capture mechanism that is not PCI approved,

(for example, if a PCI-approved SCR was connected to a keypad that was not PCI-approved):

▪The use of such mechanisms to collect PCI payment-card data could mean that more PCI DSS

requirements are now applicable for the merchant.

▪Only P2PE approved capture mechanisms as designated on PCI’s list of Validated P2PE Solutions and

in the PIM can be used.

Do not change or attempt to change device configurations or settings.

Changing or attempting to change device configurations or settings will invalidate the

PCI-approved P2PE solution in its entirety. Examples include, but are not limited to:

▪Attempting to enable any device interfaces or data-capture mechanisms that were disabled on the

P2PE solution POI device

▪Attempting to alter security configurations or authentication controls

▪Physically opening the device

▪Attempting to install applications onto the device

3.1 Installation and connection instructions

General installation and connection instructions

This section includes general device installation and connection instructions that must be followed to begin

processing. For specific instructions about each device, see “Device-specific installation and connection

instructions” below.

The following are strictly prohibited and will invalidate the EPX P2PE Solution:

● Use of any devices not denoted in Section 2.1 of this document for cardholder data capture

● Changing the device or its configuration settings

● Attempting to enable any device interfaces or data-capture mechanisms that were disabled

● Attempting to alter security configurations or authentication controls

● Physically opening the device

● Attempting to install applications onto the device

When setting up a POI device:

1. Review the instructions in Sections 4.2 and 5.1 of this document to ensure that the device is not

compromised.

2. Review the placement guidance and security recommendations in Section 3.3 of this document.

3. Unpack the device and other components.

4. Securely connect the device to its approved data source. You may need to remove the cover on the

back of the device to locate the connection port or use the connection box, if applicable. The external

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

communication methods approved by Ingenico and included in this P2PE solution include the

following:

● IPP315: Ethernet

○ For the configurations of Desk5000+IPP315 and Desk3500+IPP315, DeskXXXX

and IPP315 communicate through USB port, which is processed and managed only

by the Ingenico platform software.

● Desk 3500: Ethernet, Modem, Wi-Fi, and Network Cellular

● Desk 5000: Ethernet, Modem, Wi-Fi, and Network Cellular

● Lane 3000: Ethernet and Wi-Fi

● Lane 5000: Ethernet

● Move 5000: Wi-Fi and Network Cellular

The use of any other external communication methods outside of those defined in this section is not

allowed.

5. If applicable for PIN-pads, Semi-Integrated devices, Secure Card Readers (SCR), etc., connect the

POS system according to the POS system provider’s instructions. If applicable, use the same data

source for all elements of the POS system. To reduce the potential for tampering, do not use USB

hubs, cable extenders, etc.

6. Securely connect one end of the power supply to the device and the other end to an available

electrical outlet. You may need to remove the cover on the back of the device to locate the

connection port or use the connection box, if applicable.

7. Allow the initial boot process to complete and allow the device to charge, if necessary.

8. If your shipment included instructions for any further set-up, follow them completely. If you have any

further questions, contact EPX using the contact information in Section 1.2 of this document.

9. Your system is ready to begin processing.

10. Update the status of the POI device to “Deployed” in the Merchant Inventory Log. Physically or

digitally secure the Merchant Inventory Log when finished.

Device-specific installation and connection instructions

This section includes device installation and connection instructions that must be followed to begin

processing. All requirements included in the user guides provided by Ingenico for each device must also be

followed.

IPP315 PIN-pad:

The IPP315 is a customer-facing PIN-pad that allows customers to input their method of payment.

The PIN-pad connects to the merchant-facing Ingenico terminal.

1. Review the instructions in Sections 4.2 and 5.1 of this document to ensure that the device is

not compromised.

2. Review the placement guidance and security recommendations in Section 3.3 of this

document.

3. Unpack the PIN-pad with the connection cable.

4. Disconnect the power cable from the Ingenico terminal.

5. Remove the back cover of the terminal by pushing in the clips (1) simultaneously. Lift the lid

rearward to remove it.

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

6. Locate the PIN-pad’s USB port and plug the PIN-pad’s cable into the USB port. Ensure the

cable connection to the PIN-pad is secure.

7. Connect the other end to the terminal’s USB port located on the back.

8. Replace the back cover on the terminal. To securely close the cover, you may need to safely

use a sharp tool to remove one of the rubber strips highlighted in the image below:

9. Reconnect the power cable to the terminal. As the terminal and and PIN-pad boot up, the

terminal screen should display “EPX” and the PIN-pad should display a smiley face in the

top left corner of the screen.

10. On the terminal, navigate to the PIN-pad settings.

a. Press “F” to access the Functions Menu

b. Press “0 - Telium Manager”

c. Press “5 - Initialization”

d. Press “1 - Parameters”

e. Press the down arrow below “F2” and select “PIN-pad”

f. Select “Autodetect”

g. The terminal screen will display “IPP315.” If “PIN-pad out of order” or any other

message displays instead of “IPP315,” please contact EPX Technical Support using the

following contact information. Technical Support is available at all times:

● Phone: 888-848-6825, extension 9404

● Email: [email protected]

h. Press “Enter”

11. The PIN-pad is ready to use.

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

Desk 3500 and Desk 5000:

1. Review the instructions in Sections 4.2 and 5.1 of this document to ensure that the device is

not compromised.

2. Review the placement guidance and security recommendations in Section 3.3 of this

document.

3. Unpack the terminal and other components.

4. Ensure the terminal connector (Magic Box) is connected securely to the back of the terminal.

5. Connect one end of the Ethernet cable to the Magic Box and the other to a router or modem.

6. Connect one end of the power cable to the Magic Box and the other end to an electrical

outlet.

7. The terminal will begin the initial boot process.

8. Once completed, the terminal is ready to use.

Lane 3000:

The Lane 3000 is a Semi-Integrated (SI) device that must be connected to an Ingenico Point of Sale

(POS) system:

1. Review the instructions in Sections 4.2 and 5.1 of this document to ensure that the device is

not compromised.

2. Review the placement guidance and security recommendations in Section 3.3 of this

document.

3. Unpack the SI device and other components.

4. On the back of the SI device, locate the port for power and communications. Connect the SI

device cable to the port.

5. Connect the other end to the power supply unit and a POS device.

6. Plug the power supply cable into an electrical outlet.

7. The SI device will begin the initial boot process.

8. Once completed, the SI device is ready to use.

Lane 5000:

1. Review the instructions in Sections 4.2 and 5.1 of this document to ensure that the device is

not compromised.

2. Review the placement guidance and security recommendations in Section 3.3 of this

document.

3. Unpack the terminal and other components.

4. On the back of the terminal, locate the port for power and communications and connect the

device cable to the port.

5. Connect the other end to the power supply unit.

6. Plug the power supply cable into an electrical outlet.

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

7. The terminal is ready for use.

Move 5000:

1. Review the instructions in Sections 4.2 and 5.1 of this document to ensure that the device is

not compromised.

2. Review the placement guidance and security recommendations in Section 3.3 of this

document.

3. Unpack the terminal and other components.

4. Install the battery:

a. On the back of the device, push the clips to remove the panel.

b. Find the battery connector near the battery compartment.

c. Plug the battery pack included in the box into the battery pack connector and

ensure it is securely locked in place.

d. Close the back cover.

5. Charge the battery for at least four hours by connecting one end of the power cable to the

charging port on the device’s left side and the other end to an electrical outlet.

6. Once the battery indicator on the device’s screen shows that the battery is fully charged and

the device is connected to the Internet, it is ready to use.

Note: Only PCI-approved POI devices listed in the PIM are allowed for use in the P2PE solution for

account data capture.

Physically secure POI devices in your possession, including devices:

▪Awaiting deployment

▪

Undergoing repair or otherwise not in use

▪

Waiting transport between sites/locations.

3.2 Guidance for selecting appropriate locations for deployed devices

Appropriate locations for deployed devices:

Merchants should consider the following when selecting appropriate locations for deployed devices:

● Place devices so they can be observed and monitored by authorized personnel.

● The POI device must be located in a well-lit area.

● The device must be easily observable by authorized employees. Place the device in a

high-visibility area where it can be observed and monitored by authorized employees, for

example, during daily device checks performed by staff.

● Use visible security measures to discourage tampering and POI device removal or

substitution. Visible measures can include video cameras, signs alerting the customer to

security methods in place, and physical security methods such as tethers, stands, mounting

plates, etc. For information on physically securing the device, refer to Section 3.3 of this

document.

● If using video surveillance, position the camera in such a way as to not record customer PIN

entry.

● The devices must be available for store/security staff to perform daily device checks.

● Control public access to devices.

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

● Public access must be limited to only parts of the device a customer is expected to use to

complete a transaction (for example, PIN-pad and card reader).

● Place devices in an environment that deters compromise attempts.

● Use appropriate lighting, access paths, and visible security measures.

● The device must be positioned in a way to help prevent tampering.

● Customer access to the device must be limited to the parts of the device that a customer is

expected to use to complete a transaction, such as the PIN-pad and card reader. Consider

using a stand or mounting plate that physically restricts access to the other parts of the

device. Consider keeping POI devices behind a desk or counter so that they may be passed

to the customer only if PIN entry is required.

● Mount the device in such a way as to obscure observation of the PIN-pad. When possible,

use visual shields or stands that enable the cardholder to pivot the keypad to ensure privacy.

● If the customer will not interact with the device, place the device on a trusted employee’s

desk where only that employee can access the device so that it is not accessible by

customers or other employees.

● Using the guidance in Section 3.3 of this document, physically secure deployed devices to

prevent unauthorized removal or substitution. Mobile devices and any devices not in use

must be physically secured in a locked storage area. Update the Storage Access Log each

time the storage area is accessed, including checking in and checking out mobile devices.

See the “Securing POI devices in storage” portion of Section 3.3 of this document for more

information.

Comply with all POI device manufacturer recommendations regarding temperature extremes, moisture

exposure, vibration, ventilation requirements, etc.

Appropriate locations for POI devices awaiting deployment:

Consider the following when choosing a location for POI devices that are awaiting deployment. Always

secure physical access to devices that are not deployed or currently being used, including devices that are

awaiting deployment.

At each location, designate a secure storage method for POI devices not in use. Physical access must be

strictly secured using a locking mechanism. Suitable secure storage options include a locked cabinet, safe,

lock box, etc. For access to the secure storage area, define a limited number of trusted custodians who alone

will have access. Keys, passwords, and/or combinations must be kept secure at all times. Non-authorized

individuals must not have access to the secure storage or to the keys, passwords, and/or combinations used

to secure the storage area.

Update the Storage Access Log each time the secure storage is accessed. See the “Securing POI devices in

storage” portion of Section 3.3 of this document for more information.

Appropriate locations for POI devices undergoing repair or otherwise not in use:

Consider the following when choosing a location for POI devices that are undergoing repair or otherwise not

in use. Always secure physical access to devices that are not deployed or being used.

At each location, designate a secure storage method for POI devices undergoing repair or not in use.

Physical access must be strictly secured using a locking mechanism. Suitable secure storage options include

a locked cabinet, safe, lock box, etc. For access to the secure storage area, define a limited number of

trusted custodians who alone will have access. Keys, passwords, and/or combinations must be kept secure

at all times. Non-authorized individuals must not have access to the secure storage or to the keys,

passwords, and/or combinations used to secure the storage area.

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

Update the Storage Access Log each time the secure storage is accessed. See the “Securing POI devices in

storage” portion of Section 3.3 of this document for more information.

Appropriate locations for POI devices awaiting transport between sites/locations:

Consider the following when choosing a location for POI devices that are awaiting transport between

sites/locations. Secure physical access to devices that are not deployed or being used, including devices

awaiting transport.

At each location, designate a secure storage method for POI devices not in service. Physical access must be

strictly secured using a locking mechanism. Suitable secure storage options include a locked cabinet, safe,

lock box, etc. For access to the secure storage area, define a limited number of trusted custodians who alone

will have access. Keys, passwords, and/or combinations must be kept secure at all times. Non-authorized

individuals must not have access to the secure storage or to the keys, passwords, and/or combinations used

to secure the storage area. See Section 4.1 of this document for more information about transporting POI

devices.

Update the Storage Access Log each time the secure storage is accessed. See the “Securing POI devices in

storage” portion of Section 3.3 of this document for more information.

3.3 Guidance for physically securing deployed devices to prevent unauthorized removal or

substitution

Securing deployed, attended POI devices

Terminals must be physically secured at each location to help protect against tampering, compromise,

substitution, and skimming. Consider the following guidance when physically securing POI devices:

● Mount devices to PCI-approved security stands. Ingenico recommends the use of mounted payment

terminal stands designed specifically for their devices. Ingenico Group has primarily partnered with

three companies to manufacture these products: SpacePole Inc., Tailwind, and ENS.

● SpacePole Inc. offers fixed stands or stands that feature an adjustable base. These stands

may be screwed or glue-pad mounted to a desk or counter. For more information, contact

SpacePole Inc. at https://www.spacepole.com/contact/

● Tailwind’s PEDpack attaches to Ingenico devices and locks into the stand. This comes with

a glue-pad desk- or counter-mounting application. For more information, contact Tailwind at

https://tailwind-solutions.com/contact

● ENS provides converter plates for merchants transitioning from previous terminals to

Ingenico products. For more information, contact ENS at

https://www.ens-co.com/contact-us/

● Tether the POI device with a suitable tether lock using the recommended attachment point for the

device. Make sure the other end of the tether is physically secured.

EPX can help advise when choosing a suitable method of physical security. Note that the use of cable

tethers or other device-fastening methods must not interfere with your ability to inspect the POI device for

tampering.

Securing deployed mobile, wireless, or handheld POI devices

For POI devices that cannot be physically secured (such as wireless or handheld devices), observe the

following guidance:

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

● Secure devices in a locked storage area anytime they are not in use. For additional information, refer

to “Securing POI devices in storage” in this section. Outside of business hours, always place the

devices in secure storage.

● Sign devices in and out of storage using the Storage Access Log described in the “Securing POI

devices in storage” of this section.

● Assign responsibility to specific trusted individuals when devices are in use.

● Visually observe devices in use at all times. Do not leave in-use devices unattended or unobserved

at any time.

● Inspect devices daily for signs of tampering or substitution.

Securing POI devices in storage

Secure physical access to devices that are not deployed or being used, including devices that are awaiting

deployment and shipment. Maintain a Storage Access Log that is updated each time the secure storage is

accessed, including the following information:

● The name of the individual accessing the secure storage area

● The purpose for accessing the secure storage area

● The serial numbers of the devices handled

● The date of access

● The start and end time of access

● (If applicable) Mobile/wireless/handheld device check in/out date

● (If applicable) Mobile/wireless/handheld device check in/out time

At each location, designate a secure storage method for POI devices not in use. This secure storage must

have strict physical access secured using some type of locking mechanism. Suitable secure storage options

include a locked cabinet, safe, lock box, etc. For access to the secure storage, define a strictly limited number

of trusted custodians who alone will have the key, password, or combination. Keys, passwords, or

combinations are to be kept secure at all times. Non-authorized individuals must not have access to the

secure storage or to the keys, passwords, or combinations used to secure the storage.

Securing POI devices undergoing repair or maintenance

Secure physical access to devices that are not deployed or being used, including devices that are

undergoing repair or maintenance in your possession. If a device must be serviced while at your location,

follow the instructions in Section 5.4 of this document to confirm the identity and authenticity of the service

technician. Ensure the Visitor’s Log is filled out as described in Section 5.4 of this document. Every time the

POI device is removed from secure storage for the service technician to service, update the Storage Access

Log, including:

● The name of the individual accessing the secure storage area

● The purpose for accessing the secure storage area

● The serial numbers of the devices handled

● The date of access

● The start and end time of access

Update the Merchant Inventory Log device status to “Undergoing Repair.” Once the POI device has been

serviced, return it to the secure storage area and update the Storage Access Log and the Merchant Inventory

Log, as applicable.

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

4. POI Device Transit

4.1 Instructions for securing POI devices intended for, and during, transit

Securely transporting POI devices to any location: trusted shipping couriers

When shipping POI devices to any location, establish a strict chain of custody to maintain security of the

device at all times. If a device has been deployed, all open batches must be closed, any other processing

activity must be completed or terminated, and the device must be powered off before shipping.

If the original tamper-evident packaging is in-tact for a device, do not open the packaging. If a device has no

tamper-evident packaging, enclose each POI device individually in tamper-evident packaging to provide

visual clues of a tampering event, and because tamper-evident packaging has serialized numbering that is

unique for each bag. This material is available at most office supply stores. Record the POI device serial

number and the serial number associated with the tamper-evident packaging in the Merchant Inventory Log.

Ensure that the POI device is packed with sufficient padding and care to avoid device damage. The device

should be contained in a small box, which should then be placed in a larger shipment box.

Use a trusted shipping courier such as UPS or FedEx that provides tracked shipping. Record the tracking

information for the shipment. Always require a signature for package delivery.

If shipping to another merchant location, designate a trusted recipient who will receive the shipment. Only this

person must receive the shipment.

Before shipping, provide the recipient with the following details in a secure, written message:

● Courier name

● Recipient’s name (if applicable)

● Tracking number

● Tamper-evident bag serial number(s)

● POI device serial number(s)

● Merchant location the device is being shipped from

Once shipped, update the Merchant Inventory Log to reflect that the POI device is in transit. Confirm the

receipt of the POI device by communicating with the recipient. Update the Merchant Inventory Log device

status to reflect the new status and location of the POI device. Digitally or physically secure the log book

when finished. The recipient should follow all directions in Sections 4.2, 5.1, and 5.3 of this document.

Securely transporting POI devices between merchant locations: trusted merchant custodians

Trusted custodians at the merchant location can transport POI devices between merchant locations

themselves as long as the guidance in this document is followed. Establish a strict chain of custody to

maintain security of the device at all times. The merchant must maintain a list of designated custodians at

each listed location. The devices must be in possession of a trusted custodian at all points during relocation.

If a device has been deployed, all open batches must be closed, any other processing activity must be

completed or terminated, and the device must be powered off before shipping.

Designate a trusted recipient who will receive the shipment. Only this person must receive the shipment.

Before shipping, provide the trusted recipient with the following details in a secure, written message:

● Deliverer’s name

PIM Template for PCI P2PE v2.0

Payment Card Industry Point-to-Point Encryption Standard

● Recipient’s name

● Tamper-evident bag serial number(s)

● POI device serial number(s)

● Merchant location the device is being shipped from

The devices must only be transported and received by the identified custodians.

Before shipping, if a device has no tamper-evident packaging, enclose each POI device individually in

tamper-evident packaging to provide visual clues of a tampering event, and because tamper-evident

packaging has serialized numbering that is unique for each bag. This material is available at most office

supply stores. Record the POI device serial number and the serial number associated with the

tamper-evident packaging in the Merchant Inventory Log. Ensure that the POI device is packed with

sufficient padding and care to avoid device damage. The device should be contained in a small box, which

should then be placed in a larger shipment box.

Once in transit, update the Merchant Inventory Log to reflect that the POI device is in transit. During transit,

the deliverer may not leave the device unattended at any time. Confirm the receipt of the POI device by

communicating with the recipient. Update the Merchant Inventory Log device status to reflect the new status

and location of the POI device. Digitally or physically secure the log book. The recipient should follow all

directions in Sections 4.2, 5.1, and 5.3 of this document.

Securely transporting POI devices to be returned