Yes, PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted by any media, including paper records. PCI DSS Requirements 9.5 through 9.8 specifically addresses the safeguarding of physical media, including paper records, containing cardholder data.
(Note: PCI DSS Requirement numbers refer to PCI DSS version 3) |
May 2014
Article Number 1069