top of page
< Back

A2.1 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID




Appendix A2: Additional PCI DSS Requirements for Entities using SSL/Early TLS for Card-Present POS POI Terminal Connections

Note: SSL/early TLS may not be used as a security control, except by POS POI terminals that are verified as not being susceptible to known exploits and the termination points to which they connect, as defined in this Appendix.


Where POS POI terminals (at the merchant or payment acceptance location) use SSL and/or early TLS, the entity must confirm the devices are not susceptible to any known exploits for those protocols.

Note: This requirement is intended to apply to the entity with the POS POI terminal, such as a merchant. This requirement is not intended for service providers who serve as the termination or connection point to those POS POI terminals. Requirements A2.2 and A2.3 apply to POS POI service providers.

bottom of page