Physical Security and Skimming Prevention of Point of Sale Devices

Point of Sale systems (card reading devices used in card present transactions, referred to as Terminals) are subject to Physical Security Requirements in the PCI DSS V3.2, Requirement 9.

MDRP (or designee) Responsibilities for Point of Sale devices include, but are not limited to, the following:

  • Devices must be Physically Secured
  • Annual, and upon hire, agents of the College will complete the computer based PCI Security Awareness Training program and review of the Skimming Prevention Best Practices for Merchants
  • A "Terminal Characteristics" form must be completed for each terminal when received.
  • A task should be added to a cashiers daily checklist to visually inspect the terminal
  • A Monthly Physical Inspection must be performed and saved in the PCI MDRP Physical Inspection Google Team Drive.

The Terminal Characteristics and Monthly Physical Inspection forms must be retained for a period of one year.  Save forms monthly to the PCI MDRP Physical Inspection Google Team Drive.

Below are forms for printing and reference material:

Investment & Treasury Operations Office

152 Maple Street
Marble Works, Suite 102
Middlebury College
Middlebury, VT 05753
Phone: 802-443-5751