PCI DSS requirement 9.9

Meet ZeroRisk PINpoint

The full-blown solution to easily comply with PCI DSS Requirement 9.9 by keeping card-reading devices and terminals constantly under control


ZeroRisk PINpoint is a solution created for Merchants (mainly Franchisers and Large Merchants) who every day use an important tool that helps them complete their work: the PED (PIN Entry Device) or PoS (Point-of-Sale) terminal. We call these payment card reading devices and terminals. These machines capture payment card data through face-to-face interaction with the cardholder, often involving a PIN (Personal Identification Number). Because of the crucial role these machines play, it is incredibly important for retailers, franchisers and merchants to monitor all of their devices, in all their locations, continuously.

Complying with Requirement 9.9 is mandatory

As of 1st of July 2015, all entities that have to be PCI compliant need to monitor each one of their devices continuously and report on their status.

Let's take a look at the opening of requirement 9.9 in the official PCI DSS documentation:

"Protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution."

PCI DSS requirement 9.9 is quite extensive (it includes sub-requirements 9.9.1, 9.9.2 and 9.9.3). It describes in detail the possible security issues for a point-of-sale device, with the goal of supporting entities that use several terminals. Requirement 9.9 comes with suggestions and best practices to prevent attempts by criminals to manipulate payment card-reading devices.

What is the problem with Point-of-Sale devices?

A faulty or manipulated PoS is a device that has fallen into the wrong hands and carries additional software, or replaced or additional hardware, that allows malicious users to steal cardholder data and, consequently, customers' money. The first step is to keep thieves away from the PoS. Thieves can replace legitimate devices, either completely or partly, with fraudulent ones. Skimming components, for instance, allow the terminals to capture the payment card details twice: first using the criminal's components and then using the legitimate device technology.

An important suggestion from requirement 9.9 is the following:

"Keeping an up-to-date list of devices helps an organization keep track of where devices are supposed to be, and quickly identify if a device is missing or lost."

This task cannot be carried out without a well-organized and systematic approach.

Imagine a dedicated solution that would support you in monitoring a large number of devices wherever they are located, report on their compliance status and share that information with the right peers and stakeholders (your bank, for instance).

Does such a solution exist?

Yes! And it is ready for you to use. Discover ZeroRisk PINpoint and its web dashboard. Get in touch with us to find out how you can get your account and start monitoring your devices.

If you are a Large Merchant, a Franchiser, a Retailer or a Face to Face Payment Service Provider, ZeroRisk PINpoint is going to make your life much easier.

ZeroRisk PINpoint offers a number of benefits:

  • No paper-based inventories and processes;
  • Report any change on your terminals using a mobile device;
  • Share the workload between employees;
  • Get reports on the status of each device and share them with your peers;
  • Intuitive auditing workflows;
  • An interface to add, edit and remove devices and locations;
  • Personalization of auditing workflows;
  • Complete reporting download.

Our solution is so clear that even untrained personnel can use it. Keeping payment card reading devices and terminals under control and maintaining PCI DSS Compliance has never been easier. Discover more about it.

How much is ZeroRisk PINpoint going to cost?

ZeroRisk PINpoint is offered at advantageous rates based on the number of devices in use and the locations (such as stores, shops, offices, etc.) where those devices are used. Additional costs will be charged for personalization and dedicated integrations or on-demand development.

Get in touch with our Sales Team to discover our rates or see a DEMO of the application. Fill out the form on the right, or contact us.

