PCI Compliant Shredders – PCI Compliance – Payment Card Data

The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process card payments, prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations that store, process, or transmit cardholder information from most branded payment cards.

Merchants are discouraged to store cardholder data unless absolutely necessary. If it is necessary to store cardholder data, implementing a policy of Restricted Physical Access to stored payment card data on paper and other media is of high importance .

What is a PCI compliant shredder? The PCI-DSS standard for shredding cardholder data is to “Cross-Cut” documents, a multidirectional shredding process that makes reconstruction impossible (maximum particle size 6x35mm). PCI-DSS standard does not support shredding with strip cut paper shredders.

Destruction of cardholder information captured on paper & media when it is no longer needed for business or legal reasons can be processed using these methods:

• Cross-Cut Shred paper, incinerate, or pulp hardcopy materials.
• Shred Paper Documents using approved destruction methods & certified shredding services (minimally cross-cut shredding).
• Purge, Degauss, Shred or otherwise destroy electronic media so that cardholder data cannot be reconstructed.
• Destroy Any Computer Hard Drive (shred, crush or degauss using DoD type overwrite processes) disposed of that contained credit card data.

It is essential to destroy cardholder data as soon as it is no longer required by your office and be sure the document shredding machine your office is using is PCI-DSS compliant.

Security shredding and destruction of payment card data held physically on paper and other media’s brings you office closer to PCI compliance.