top of page
< Back

A2.2 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID




Appendix A2: Additional PCI DSS Requirements for Entities using SSL/Early TLS for Card-Present POS POI Terminal Connections

Note: SSL/early TLS may not be used as a security control, except by POS POI terminals that are verified as not being susceptible to known exploits and the termination points to which they connect, as defined in this Appendix.


Requirement for Service Providers Only: All service providers with existing connection points to POS POI terminals referred to in A2.1 that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place.

bottom of page