Article
Evolving in-person payment security: A technical approach to support Adyen’s transition to PCI PTS 6
This transition isn’t just about compliance, but about building a stronger, smarter foundation for your payments. Whether you’re scaling globally or upgrading your in-store infrastructure, PCI PTS 6 helps you stay ahead.
The battle to stay ahead of security threats is ongoing, and although routine updates help, it’s foresight and adaptability that keeps businesses well ahead of the next big breach. The industry-wide transition from PCI PTS 5 to PCI PTS 6 is a critical step in this security evolution and an important milestone for our customers. At Adyen, we’re not only supporting this shift; we’re leading it.
For businesses operating at scale, particularly those with in-store volume, PCI PTS 6 offers the opportunity to modernize infrastructure, activate performance improvements, and prepare their payment experience for what’s next.
In this post, we’ll explain why PCI PTS 6 matters from a technical perspective, how we’ve designed our next-generation devices to meet the new standard, and how we’re helping you make the transition as smooth as possible.
Why PCI PTS 6 matters
The Payment Card Industry PIN Transaction Security (PCI PTS) standard defines how payment terminals must be secured against fraud, physical attacks, and software vulnerabilities. PCI PTS 5 will officially sunset on April 30, 2027. While existing terminals can continue to operate beyond that date (through April 2029), all newly deployed terminals after 2027 must be PCI PTS 6 certified.
What makes PCI PTS 6 technically better than PCI PTS 5?
Our new terminals are built on the foundation of PCI PTS 6. This new standard comes with a series of technical improvements, offering greater protection, performance, and flexibility:
Stronger cryptography: ECC (Elliptic Curve Cryptography) replaces RSA (Rivest-Shamir-Adleman) for better encryption with shorter keys, boosting performance and future-proofing for quantum threats.
Enhanced physical security: Devices feature advanced tamper detection and stricter HSM (Hardware Security Module) standards for secure key storage.
Firmware and software strengthening: Mandatory three-year firmware revalidation, secure boot, and runtime integrity checks to prevent malware and unauthorized updates.
Support for mobile-first payments: Full support for SPoC allows secure PIN entry on mobile devices, further expanding flexible, hardware-light payment options.
Modular compliance framework: Tailored requirements based on terminal use case (e.g., contactless, unattended), enabling specialized deployments with strong security.
Real-time threat detection: Built-in anomaly detection systems and enforced MFA (Multi-Factor Authentication) for critical functions like firmware updates.
Technical Comparison: PCI PTS 5 vs PCI PTS 6
Cryptography
PCI PTS 5
RSA-based systems
PCI PTS 6
ECC required for EMV
Tamper resistance
PCI PTS 5
Basic safeguards
PCI PTS 6
Advanced sensors + auto-wipe memory
Firmware lifecycle
PCI PTS 5
No fixed timeline
PCI PTS 6
3-year revalidation cycle
Mobile payments
PCI PTS 5
Limited SPoC support
PCI PTS 6
Full SPoC integration
Key management
PCI PTS 5
Standard HSMs
PCI PTS 6
Enhanced requirements for HSMs
Security architecture
PCI PTS 5
Generic requirements
PCI PTS 6
Modular, use-case-based enforcement
The Adyen approach to PCI PTS 6 and seamless transition
Our PCI PTS 6 terminal portfolio isn’t just designed to be compliant; it’s built to be technically superior. That means:
Android-powered devices: Our Android-based terminals allow for faster performance, more memory, and support for dynamic content, brand customization, and customer engagement.
Advanced capabilities: Built-in cameras, barcode scanning, accessibility audio and high-resolution touch displays create a more versatile payment experience.
Support for business apps: Powerful processors and large displays make it possible to integrate POS apps, loyalty programs, or even inventory management directly on the terminal.
Remote management and diagnostics: Our roadmap includes enhanced remote diagnostics, customized menu access, and deeper remote support tooling to simplify operations and reduce downtime.
We’ve made the PCI PTS 6 transition as smooth and low-effort as possible for businesses already using our platform. Here’s how:
Seamless plug and play migration: Swap PCI PTS 5 devices for PTS 6 terminals with no need for new integration, and payments will work instantly.
Diverse and available hardware: A wide range of terminals are available to support all business formats, from mobile to kiosk and unattended.
Cost-effective upgrade: Most new terminals are more affordable than previous models, offering better value without compromising quality.
How our single platform makes it simple
Making the experience this seamless is possible because of the way we’ve built our single platform. While the transition may feel like a simple hardware swap on your end, a lot of work happens in the background to ensure it's that easy.
Here’s a look at the technical foundation that makes it work:
A unified Terminal API for zero-effort integration: Your existing POS integration works out of the box with new hardware. This is because we use a unified Terminal API across our entire device fleet. Your systems communicate with our API, which then handles the device-specific logic. This means you never need to build a new integration when you upgrade your terminals.
Platform-level features for instant parity: True feature parity is a direct result of our platform architecture. Critical features, like tokenization and reporting to our risk tools, are managed centrally on the platform, not coded onto the device itself. When you connect a new PTS 6 terminal, it instantly inherits the full, consistent functionality your business already relies on.
Centralized management of payment methods and certifications: Adding or updating payment methods doesn't require complex, terminal-by-terminal updates. We manage all payment method integrations and global certifications on our end. You can activate new options, like local payment methods, for your entire fleet through your Adyen Dashboard, with no additional development work.
What’s next?
This transition isn’t just about compliance, but about building a stronger, smarter foundation for your payments. Whether you’re scaling globally or upgrading your in-store infrastructure, PCI PTS 6 helps you stay ahead.
To explore the full terminal range or begin planning your transition, get in touch with your Adyen contact or visit our Help Center.