PCI DSS: Physical Security and Skimming Prevention of Point of Sale Devices

Point of Sale systems (card-reading devices used in card-present transactions, referred to as Terminals) are subject to the Physical Security Requirements in PCI DSS V3.1, Requirement 9.

Responsibilities of employees who operate Point of Sale devices include, but are not limited to, the following:

  • Devices must be physically secured at all times. Devices should be kept in locked offices or cabinets when not in use.
  • Cashiers should visually inspect the terminal daily for signs of tampering
    • Signs of tampering include:
      • Scratches anywhere on the device
      • Misaligned seams on the device and signs of it being opened
      • Peeled stickers, labels or number plates
      • Cords that look different than the day before (e.g. change in color, gauge, style)
      • A noticeable change in weight of the device
      • Additional hardware being placed near or connected to the payment device, the device cords, or to the jack/port where the device connects
      • Cards going into the chip reader deeper than normal
      • Wires protruding from the device

  • Annually, and upon hire, employees who accept payments via payment card (e.g., debit or credit) on behalf of RIT will complete the PCI Training