thread Re: PCI Compliance with Mail Orders that Contain Credit Card information in Payments Troubleshooting https://community.squareup.com/t5/Payments-Troubleshooting/PCI-Compliance-with-Mail-Orders-that-Contain-Credit-Card/m-p/626606#M33673 <P><a href="https://community.squareup.com/t5/user/viewprofilepage/user-id/333926">@CintiObserv</a>&nbsp;When you accept the mail and then enter into square you are entering the info into a PCI compliant system.&nbsp; The biggest thing you need to do is ensure that access to the mail is limited, mail is not left unsecure, and destroying them after entering them is ideal (crosscut shredder!).&nbsp; As long as the mail is secure and you are not storing paper copies insecurely, you are fine as far as PCI compliance from what I know.</P><P>&nbsp;</P><P>"<SPAN>Restrict physical access to cardholder data.</SPAN><BR /><SPAN>PCI DSS Requirement 9 relates to physical security. All physical access to cardholder data within the cardholder data environment must be controlled and restricted to only individual&nbsp;who require this physical access."</SPAN></P><P>&nbsp;</P><P><SPAN>These safeguards limit your liability.</SPAN></P> Thu, 05 Jan 2023 19:15:45 GMT Donnie-M 2023-01-05T19:15:45Z PCI Compliance with Mail Orders that Contain Credit Card information https://community.squareup.com/t5/Payments-Troubleshooting/PCI-Compliance-with-Mail-Orders-that-Contain-Credit-Card/m-p/626594#M33672 <P>We are a non-profit and use Square POS for our gift shop, program fees, memberships, donations and the like. I understand that by using Square we are PCI compliant.</P><P>&nbsp;</P><P>However we do receive some credit card information via the mail (typically memberships and donations), which are then processed in Square POS. Once they are approved we shred the mail with the credit card information.</P><P>&nbsp;</P><P>Do we need undertake any PCI assessment or tasks to be 100% in compliance?</P><P>&nbsp;</P><P>Thanks,<BR />Craig</P><P>Cincinnati Observatory Center</P> Sat, 20 Sep 2025 20:17:42 GMT https://community.squareup.com/t5/Payments-Troubleshooting/PCI-Compliance-with-Mail-Orders-that-Contain-Credit-Card/m-p/626594#M33672 CintiObserv 2025-09-20T20:17:42Z Re: PCI Compliance with Mail Orders that Contain Credit Card information https://community.squareup.com/t5/Payments-Troubleshooting/PCI-Compliance-with-Mail-Orders-that-Contain-Credit-Card/m-p/626606#M33673 <P><a href="https://community.squareup.com/t5/user/viewprofilepage/user-id/333926">@CintiObserv</a>&nbsp;When you accept the mail and then enter into square you are entering the info into a PCI compliant system.&nbsp; The biggest thing you need to do is ensure that access to the mail is limited, mail is not left unsecure, and destroying them after entering them is ideal (crosscut shredder!).&nbsp; As long as the mail is secure and you are not storing paper copies insecurely, you are fine as far as PCI compliance from what I know.</P><P>&nbsp;</P><P>"<SPAN>Restrict physical access to cardholder data.</SPAN><BR /><SPAN>PCI DSS Requirement 9 relates to physical security. All physical access to cardholder data within the cardholder data environment must be controlled and restricted to only individual&nbsp;who require this physical access."</SPAN></P><P>&nbsp;</P><P><SPAN>These safeguards limit your liability.</SPAN></P> Thu, 05 Jan 2023 19:15:45 GMT https://community.squareup.com/t5/Payments-Troubleshooting/PCI-Compliance-with-Mail-Orders-that-Contain-Credit-Card/m-p/626606#M33673 Donnie-M 2023-01-05T19:15:45Z