Rex, anything that touches cardholder data is in scope: The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment. The cardholder data environment (CDE) is comprised of people, processes, and technologies that store, process, or transmit cardholder data or sensitive authentication data. Dana
On Thu, 4 Jan 2018 21:25:15 +0000, Pommier, Rex <[email protected]> wrote: >Dana, > >I'm asking this more out of ignorance than anything else. Would the front-end >terminal need to specifically comply with PCI if it is merely a data entry >device and isn't actually storing any information? Not knowing how Walmart's >systems are set up, if the XP machine and scanner are hard wired to a back end >server that stores and forwards all the data, wouldn't that be the machine >that needs to be PCI compliant? > >Rex > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
