
Are ‘Knuckle Busters’ PCI Compliant?

Date published: Jan 3, 2022


Question:

I run a restaurant business and have a question regarding “manual credit card processing.” In the event my cc system (POS) goes down, how can I process credit cards without taking a manual imprint of the card?

Answer:


I’m guessing your question comes from the recent news stories surrounding the P.F. Chang’s data breach, where the well-known restaurant chain opted to use manual card-swipe devices (a.k.a., “knuckle busters”) to process customers’ credit cards until they could complete a forensics investigation.

Rest assured, however, that there are other non-manual processing methods your business could employ should your POS system go down. You might, for example, keep a backup Square device or other mobile-enabled processing method at your disposal.

If you’re asking whether you can fall back on a “knuckle buster” device and still be PCI compliant, the answer is basically the same either way: When accepting credit card payments you have to comply with all of the PCI Data Security Standard (DSS) requirements. If you make an imprint of the card for business purposes, then you must secure that in accordance with the DSS’s physical security rules, which are found in Requirement 9, “Restrict Physical Access to Cardholder Data.”

Contact the VikingCloud team for more information about ensuring your organization stays PCI compliant.

Andrea Sugden
Chief Sales and Customer Relationship Officer