What is PCI-DSS?
- Definition
- PCI-DSS (Payment Card Industry Data Security Standard) requires businesses that handle credit card data to securely destroy storage media containing cardholder information.
PCI-DSS, the Payment Card Industry Data Security Standard, is a set of security requirements for organizations that accept, process, store, or transmit credit card information. Maintained by the PCI Security Standards Council, PCI-DSS includes specific requirements for the destruction of media containing cardholder data.
Requirement 9.8 of PCI-DSS specifically addresses media destruction, requiring that organizations render cardholder data on electronic media unrecoverable when it is no longer needed for business or legal reasons. Acceptable methods include cross-cut shredding, degaussing, and secure overwriting following recognized standards.
For retailers, restaurants, financial institutions, and e-commerce businesses, PCI-DSS compliance extends to every device that has touched payment card data — point-of-sale terminals, payment servers, backup drives, and even the PCs where employees accessed payment systems. A certified IT asset disposition (ITAD) provider can handle the secure disposition of these devices with proper documentation for PCI-DSS audit requirements.