PCI DSS: Physical Security and Skimming Prevention of Point of Sale Devices


Point of Sale systems (card-reading devices used in card-present transactions, referred to as Terminals) are subject to the Physical Security Requirements in PCI DSS V3.1, Requirement 9.

Responsibilities of employees who operate Point of Sale devices include, but are not limited to, the following:
 
  • Devices must be physically secured at all times.
  • Cashiers should visually inspect the terminal daily.
  • Annually, and upon hire, employees who accept payments via payment card (e.g., debit or credit) on behalf of RIT will complete the Payment Card Security Training and review the PCI Security Standards Skimming Prevention Best Practices for Merchants.
  • Complete a Terminal Characteristic form [insert link] for each terminal annually and when there’s a significant change. Retain the completed form for one year from the date of the inspection.  
  • Complete a Terminal Inspection form [insert link] monthly. Retain the completed form for one year from the date of the inspection.  
  • To ensure compliance with PCI DSS, the Payment Card Steering Committee may request copies of the forms at any time.