Physical Security and Skimming Prevention of Point of Sale Devices

Point of Sale systems (card reading devices used in card present transactions, referred to as Terminals) are subject to Physical Security Requirements in the PCI DSS V3.2, Requirement 9.

MDRP (or designee) Responsibilities for Point of Sale devices include, but are not limited to, the following:

  • Devices must be Physically Secured
  • Annual, and upon hire, agents of the College will complete the computer based PCI Security Awareness Training program and review of the Skimming Prevention Best Practices for Merchants
  • A "Terminal Characteristics" form must be completed for each terminal when received.
  • A task should be added to a cashiers daily checklist to visually inspect the terminal
  • A Monthly Physical Inspection must be performed, documented, emailed to the PCI Compliance Team and retained by MDRP or designee.

The Terminal Characteristics and Monthly Physical Inspection forms must be retained for a period of one year.  Submit forms monthly to the PCI Compliance Team.

Below are forms for printing and reference material:

Investment & Treasury Operations Office

Marbleworks Office Complex
152 Maple Street
Suite 102
Middlebury, VT 05753
Phone: 802-443-5751