Does PCI Compliance Require A Camera Over Every Cash Register?

I was just asked this: "Does PCI Compiance Require a Camera Over Every Cash Register?"

I have never heard of anything like this, though obviously if it were true, it would be quite a justification for surveillance.

More than 5 years, a manufacturer posted a piece on PCI and surveillance recorders but that was about storing data/video, not recording it at cameras.


Way to go Michael, it really pays to read the "Note:..."!

Thanks Michael!

Brian, there goes my idea to put a 29MP over every cash register at Walmart...

The PCI Data Security Standard (DSS) specifically excludes the need to provide cameras over cash registers:

DSS 9.1.1: "Use video cameras and/or access control mechanisms to monitor individual access to sensitive areas. Review collected data and correlate with other entries. Store for at least three months, unless otherwise restricted by law. Note: - Sensitive areas refers to any data center, server room, or any area that houses systems that store, process, or transmit cardholder data. This excludes the areas where only point-of-sale terminals are present, such as the cashier areas in a retail store."

Funny, because if anything I've heard data that could suggest the exact opposite. Super hi-res cameras over registers run the risk of recording credit card numbers if a shopper hands their card over to the cashier (for swipe, signate inspection, etc.). Not sure if it's a an actual problem, or just folklore, but it runs a little counter-intuitive to requiring a camera over every register (which, to me, implies wanting to decent decent shots with some detail).