CONTINUE TO SITE »
or wait 15 seconds

Blog

Should I Update My EPP? How to Ensure Your EPP is TR-31 Compliant & Aligns with PCI Regulations

Encrypting PIN Pads (EPPs) secure ATM PIN entries, but many banks use outdated models like Diebold’s EPP3, which PCI marked "end of life" in 2021. Trusted Security Solutions helps banks stay compliant with evolving TR-31 and PCI standards, guiding them through updates to ensure ATM systems remain secure and compliant.

Photo: Trusted Security Solutions, Inc.

November 14, 2024

In the banking and ATM industry, EPPs (Encrypting PIN Pads) are crucial to ATM systems. EPPs are the everyday devices you interact with when entering your ATM’s PIN (Personal Identification Number). They are critical for securely capturing and encrypting PIN entries, preventing fraud and securing customer data. However, different versions of EPPs are created by different manufacturers, with many banks operating older versions like EPP3 by Diebold, which PCI declared “end of life” on April 30, 2021. How can you ensure your systems are up to date and compliant with TR-31 and PCI regulations? Trusted Security Solution is here to help you navigate this complicated and changing landscape and ensure your systems are compliant and up to date.

Past & Current Landscape of EPPs

The payment industry has seen significant changes in the standards governing EPPs. Earlier versions of EPPs provided basic encryption and tamper-resistant features. These systems became more robust with advanced encryption methods and stronger security features as they were updated. However, many banks still operate on older devices like EPP3, which PCI declared outdated on April 30, 2021. With little direction on the next steps, many banks are confused. The decision to continue using EPP devices is left to payment brands like Visa and Mastercard.

The Confusion Surrounding EPP Mandates

Some questions that remain in the ATM & banking industry after the announcement by PCI are:

  • Should we continue using our current EPPs?
  • Does my current EPP support payment transactions?
  • Do we need to upgrade our devices immediately?
  • Who should we reach out to for guidance?

Each payment brand has its own set of mandates regarding expired EPPs. What may be acceptable for Visa can differ from Mastercard’s requirements. Such disparities add to the confusion and make it challenging for banks to ensure they remain compliant. So, it’s important to contact your payment card brand and ATM vendor to answer the questions above and many more.

Why Reaching Out to Your ATM Vendor is Crucial

As you prepare for TR-31 and PCI audits, clear guidance on your EPPs’ status is essential. This is where reaching out to your ATM vendor becomes critical. Gain the below and much more by directly consulting with your ATM manufacturer:

  • Clarity on Compliance: Understanding whether your current EPPs are still supported and if they meet TR-31 requirements.
  • Guidance on Upgrades: Knowing whether an upgrade is necessary and, if so, who to contact and how to implement it.
  • Assurance for Audits: Ensuring all devices and systems align with the latest security standards to avoid penalties.

Take the Next Step

Taking these steps will help maintain security and compliance, ultimately improving your customers’ experience.

  1. Review Current EPPs: Identify the current models and their compliance status.
  2. Consult Payment Brands: Contact your payment card account executive for specific payment transaction mandates and guidance.
  3. Consult ATM Vendors: Contact your ATM vendor for specific questions about hardware support and TR-31 compliance.
  4. Plan Upgrades: If upgrades are necessary, plan and execute them before your PCI audit deadlines.
  5. Stay Informed: With a partner like Trusted Security Solutions, stay updated on PCI standards and payment brand mandates to stay ahead of compliance requirements.

Navigating EPP mandates and ensuring compliance is challenging, but it is essential for maintaining the security and trust of your banking operations. By proactively reaching out to payment brands and ATM vendors and planning necessary upgrades, you can ensure compliance with PCI requirements to avoid potential issues during PCI audits. At Trusted Security Solutions, we offer dependable solutions you can rely on so you’re not navigating this challenging landscape alone.

Included In This Story

Trusted Security Solutions - A98

Expertise You Can Bank On

Trusted Security's A98 System provides a compliant and efficient solution for establishing unique initial keys in each ATM. A98 uses remote key loading when possible and alternatively uses its patented Comvelope© solution to automate key loading of legacy ATMs.

Request Info
Learn More

Related Media

Blog
Navigating the Latest TR-31 Updates: What You Need to Know
Blog
What you need to know about TR-31
Blog
Are your ATMs ready for PCI DSS 4.0 changes?
Blog
PCI DSS 4.0 Changes: Is Your ATM Fleet Ready for 2024?
Blog
What are the challenges to the ATM industry in 2025?
Blog
2025’s Biggest ATM Security Challenges and How to Prepare for Them

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf
Featured Vendor

Simple | Secure | Service | Solutions. From ATM sales, support, and service to enterprise security solutions with Next Generation technology. ‍Think CSG First. We Make it Happen!

Learn More
Recent Posts
Bank of North Dakota partners with Fiserv to unveil Roughrider Coin
San Antonio police investigating string of ATM thefts
Washington woman shot while using ATM
Citizens appoints head of commercial banking
Manchester police on lookout for ATM thieves


©2025 Networld Media Group, LLC. All rights reserved.
b'S1-NEW'