top of page
9.9 PCI DSS (v3.2.1)
Compliance Standard
Compliance Version
Control ID
PCI DSS
(v3.2.1)
9.9
Requirement 9: Restrict physical access to cardholder data
(v3.2.1)
Protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution.
Note: These requirements apply to card-reading devices used in card-present transactions (that is, card swipe or dip) at the point of sale. This requirement is not intended to apply to manual key-entry components such as computer keyboards and POS keypads.
bottom of page