Many merchants have physical imprint devices to allow for transactions through the event of a power outage. While imprint receipts contain sensitive data, merchants using this form of a point-of-sale backup can still remain compliant. To comply with PCI DSS requirements, the merchant must maintain tight data security by storing credit card information in a locked drawer or room where only authorized employees have access. Credit card imprinter receipts must be thoroughly destroyed/shred after the customer dispute period expires or according to their established company policies. Merchants can ensure this is taking place simply by developing an Information Classification, Handling, and Disposal policy to comply with the PCI standards.
