Are manual imprinter machines in scope for PCI DSS requirements?

No. There are no PCI DSS requirements that apply to manual imprinters (also known as ‘zip-zap’ and ‘knuckle-buster’ machines). They are not card reading devices as defined in Requirement 9.9, nor are they “critical technologies” as defined in Requirement 12.3.

Although no requirements apply to imprinter machines directly, the paper receipts (including carbon copies) produced by using the machine to take an imprint of a payment card will contain cardholder data. These receipts must be protected in the same way as any physical media containing cardholder data, including in accordance with PCI DSS Requirements 9.5 and 9.8.
July 2014
Article Number: 1299