Compliance, Considerations, Solutions
PCI DSS requirement 9.9 not only applies to merchants who accept credit cards, but ATMs as well. This paper discusses the requirement and its sub-controls with a focus on ATM inspection.
On 1 July 2015 the new Payment Card Industry (PCI) Data Security Standard (DSS) requirement 9.9 moves from a best practice to mandatory requirement for compliance. The requirement was added to the third revision of the DSS based on the global threat of Point-of-Interaction (POI) device tampering, substitution, and skimming.