Requirement 9: Restrict Physical Access To Cardholder Data - VeriFone Vx520 Implementation Manual
Payment core
Hide thumbs
Also See for Vx520:
- Reference manual (190 pages) ,
- Installation manual (64 pages) ,
- User manual (37 pages)
Table of Contents
Advertisement
and the security methods to protect user passwords at the point of entry, during transmission, and
while in storage.", reference 2.
b. How your Point Vx helps you meet this requirement
The Point Vx does not allow access to critical data.
Requirement 8.3: The Point Vx does not allow direct remote access to the system. But for remote
updates via Terminal Management Systems the authentication used as part of an authenticated re-
mote software distribution framework for the PED, should be evaluated by a QSA as part of any PCI
DSS assessment.
c. What this means to you
Since the Point Vx does not allow access to critical data you do not need to take any action.
Requirement 8.3: Ask your QSA to include the remote update process in the PCI DSS assessment.
Requirement 9: Restrict physical access to cardholder data
a. What the requirement says
"Any physical access to data or systems that house cardholder data provides the opportunity for in-
dividuals to access devices or data and to remove systems or hardcopies, and should be appropriate-
ly restricted. For the purposes of Requirement 9, "onsite personnel" refers to full-time and part-time
employees, temporary employees, contractors and consultants who are physically present on the
entity's premises. A "visitor" refers to a vendor, guest of any onsite personnel, service workers, or
anyone who needs to enter the facility for a short duration, usually not more than one day. "Media"
refers to all paper and electronic media containing cardholder data.", reference 2.
b. How your Point Vx helps you meet this requirement
The Point Vx physically prevents by encryption and truncation users to access cardholder data.
© 2015 VeriFone. All rights reserved. VeriFone, the VeriFone logo, Vx, Mx, VeriCentre, VeriShield, Verix V, Verix and PAYware are either
trademarks or registered trademarks of VeriFone in the United States and/or other countries. All other trademarks or brand names are the
properties of their respective holders. All features and specifications are subject to change without notice.
The information contained in this document is confidential and property of VeriFone, Inc. This material may not be copied or published, or
divulged in part or in totality without written permission form VeriFone, Inc.
Author
Jevgenijs Smirnovs
E-mail
jevgenijs.smirnovs@verifone.com
Phone
+371 67844726
Document name
Verifone Payment Core
Point VxPC F02.01.xxx
Implementation Guide
Date
12-Jun-2015
Page number
Version
18
1.0
Hide quick links:
Advertisement
Table of Contents
