Does PCI Compliance Require A Camera Over Every Cash Register?

I was just asked this: "Does PCI Compliance Require a Camera Over Every Cash Register?"

I have never heard of anything like this, though obviously if it were true, it would be quite a justification for surveillance.

More than 5 years ago, a manufacturer posted a piece on PCI and surveillance recorders, but that was about storing data/video, not recording it at cameras.


Funny, because if anything I've heard data that could suggest the exact opposite. Super hi-res cameras over registers run the risk of recording credit card numbers if a shopper hands their card over to the cashier (for swipe, signature inspection, etc.). Not sure if it's an actual problem, or just folklore, but it runs a little counter-intuitive to requiring a camera over every register (which, to me, implies wanting to get decent shots with some detail).

The PCI Data Security Standard (DSS) specifically excludes the need to provide cameras over cash registers:

DSS 9.1.1: "Use video cameras and/or access control mechanisms to monitor individual access to sensitive areas. Review collected data and correlate with other entries. Store for at least three months, unless otherwise restricted by law. Note: - Sensitive areas refers to any data center, server room, or any area that houses systems that store, process, or transmit cardholder data. This excludes the areas where only point-of-sale terminals are present, such as the cashier areas in a retail store."

Thanks Michael!

Brian, there goes my idea to put a 29MP over every cash register at Walmart...

Way to go Michael, it really pays to read the "Note:..."!