Frequently Asked Question

Are manual imprinter machines in scope for PCI DSS requirements?
No. There are no PCI DSS requirements that apply to manual imprinters (also known as ‘zip-zap’ and ‘knuckle-buster’ machines). They are not card reading devices as defined in Requirement 9.9, and neither are they “critical technologies” as defined in Requirement 12.3. Although there are no requirements that apply to imprinter machines directly, the paper receipts (including carbon copies) produced by using the machine to take an imprint of a payment card will contain cardholder data, and must be protected in the same way as any physical media containing cardholder data, including to PCI DSS Requirements 9.5 and 9.8.
July 2014
Article Number: 1299
Related
Featured FAQ Articles
Most Recently Updated
-
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
-
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?