|
|
|
|
|
|
There is no black and white answer to this question, and in most instances, it depends.
PCI DSS extends to all devices that process, store or transmit payment card data.
As a consequence, it may be possible to segment aspects of your infrastructure that
are involved in card transactions away from your workstation, laptop or till environment.
If this is done correctly, and with the appropriate security controls, it may well
be possible to remove workstations and tills from the scope of the PCI DSS.
If you either process, transmit or store data through your workstations, laptops
or tills, then they will almost certainly be in scope for PCI DSS assessment.
Special note: - tills
It is common for tills to take card data from a Pin Entry Device (PED) and then
encrypt it before transmitting it to a central location for processing. In this
instance, if the till encrypts the data, it is classed as being in scope for assessment.
|
|
|
To find out more about how Nettitude can help you with your Compliance requirements,
please complete our contact form,
and a Consultant will respond to your enquiry.