Third parties, with whom cardholder data is shared, are contractually required to adhere to the PCI DSS requirements and to acknowledge that they are responsible for the security of the cardholder data which they transmit, process, store or can affect the security thereof. Only the minimum amount of data needed to complete the transaction will be shared with a 3rd party. All interaction must be documented and logged.
Point of Sale systems (card reading devices used in card present transactions, referred to as Terminals) are subject to Physical Security Requirements in the PCI DSS V3.1, Requirement 9.
MDRP (or designee) Responsibilities for Point of Sale devices include, but are not limited to, the following:
The Payment Card Industry Data Security Standard (PCI DSS v3.1) is a standard that has been implemented by the major payment card brands. We are contractually obligated, with our acquirer, to abide by these standards if we choose to accept payment cards as a form of payment.