Frequently Asked Question
Does PCI DSS apply to paper with cardholder data (for example, receipts, reports, etc.)?
Yes, PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted on or by any media, including paper records. PCI DSS Requirement 9 specifically addresses the safeguarding of physical media, including paper records, containing cardholder data.
Note: The specific sub requirement number(s) and terminology may vary depending on the version of the standard being used.