Complying with PCI-DSS Requirement 9.9

A QSA's Perspective

With the release of PCI DSS v3.0, the 9.9 requirement was introduced to help organizations combat point of interaction (POI) device fraud by requiring them to inventory and inspect devices.

Organizations are now expected to train personnel to look for suspicious activity with all physical devices. This is a major change, as previous versions of the DSS did not require any point of interaction inspections whatsoever.