Frequently Asked Question

Does PCI DSS apply to paper with cardholder data (for example, receipts, reports, etc.)?
Yes, PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted on or by any media, including paper records. PCI DSS Requirement 9 specifically addresses the safeguarding of physical media, including paper records, containing cardholder data.
Note: The specific sub requirement number(s) and terminology may vary depending on the version of the standard being used.
August 2022
Article Number: 1069
Related
Featured FAQ Articles
Most Recently Updated
-
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
-
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?