Frequently Asked Questions

< Back to search page

Does PCI DSS apply to paper with cardholder data (for example, receipts, reports, etc.)?

FAQ Response

Yes, PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted by any media, including paper records. PCI DSS Requirements 9.5 through 9.8 specifically addresses the safeguarding of physical media, including paper records, containing cardholder data.

(Note: PCI DSS Requirement numbers refer to PCI DSS version 3)

May 2014
Article Number 1069

Does PCI DSS define which versions of TLS must be used?

How does encrypted cardholder data impact PCI DSS scope for third-party service providers?

What are acceptable formats for truncation of primary account numbers?

How can an entity meet PCI DSS requirements for PAN masking and truncation if it has migrated to 8-digit BINs?

Does the use of expired PTS POI devices meet eligibility criteria for SAQ B-IP?

Frequently Asked Questions

Does PCI DSS apply to paper with cardholder data (for example, receipts, reports, etc.)?

Related Articles