What Kind of Shredder do you Need to be PCI Compliant? A Guide to Shredding Credit Cards

What Kind of Shredder do you Need to be PCI Compliant? A Guide to Shredding Credit Cards

Read Length:

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect sensitive credit card information. The PCI DSS requires businesses that process, store, or transmit credit card data to implement specific security measures, including the secure disposal of sensitive data.

While the PCI DSS does not specify a particular shredder or level of security for shredding credit card data, it does require that businesses use a secure method of disposal that renders the data “unreadable and unusable.”

Therefore, it is recommended that businesses use a cross-cut or micro-cut shredder with a P-3 or higher rating to comply with PCI DSS requirements.

What do Shredder Security Ratings Mean?

Paper shredders are classified using different systems, which vary from country to country.

In the USA, a P-rating system is often used to distinguish between the different security levels of shredders.  

This was developed by the National Security Agency (NSA), who had the goal of providing a more standardized system to evaluate how effective different paper shredders are at destroying data.

The P-rating system is divided into seven levels, from P-1 to P-7, with P-1 being the lowest level of security, and P-7 being the highest. 

The system is based around the size of the particles produced by an A4 piece of paper going through the shredder. The smaller the final particle size is, the higher the P-rating.

P-1: Shredders with this rating shred paper into strips of 12mm (0.47 inches). This level of security is suitable for shredding everyday, non-sensitive documents that do not contain confidential information, so you should avoid shredding credit cards with shredders in this category. 

P-2: Shredders in this category produce thinner strips, usually of around 6mm (0.23 inches). This category of shredder is best suited for home use, and for shredding documents that contain sensitive information such as bank statements, medical records, and credit card receipts. However, it is not advised that shredders with a P-2 rating are used for shredding bank cards. 

P-3: These kinds of shredders produce particles that are no bigger than 320mm² (0.5 square inches). P-3 shredders can be used to shred highly sensitive information, including legal documents or external financial details from customers, and partners of clients. This could also be used to destroy credit or debit cards. 

P-4: This kind of shredder produces particles that are usually no larger than 160mm² (0.25 square inches). This security level is ideal for more confidential documents, like tax records, and personal identification documents, and could also be used to effectively destroy credit cards.

P-5: Shredders with this P-rating turn material into particles that are no larger than 30mm² (0.05 square inches). This level is suitable for shredding documents that contain extremely sensitive information, such as classified documents or explicit, high-level bank reports. 

P-6: This classification turns documents into smaller particles that are no larger than 10mm² (0.016 square inches). This level is for shredding documents that require the highest level of security, such as government documents and military records.

P-7: This shredder classification produces the smallest particles possible, that are no larger than 5mm² (0.008 square inches which is the consistency of dust). This level of security is best suited for those that need to destroy top-secret documents, government, and military documents which are highly confidential and potentially dangerous, or highly-influential on a national scale. 

Realistically, any shredder classified with a security rating of P-3 or above will be adequate for destroying credit cards and other sensitive and/or confidential information of this nature. 

What are the Different Cut Types of Shredders?

credit card shredder

 

There are four different cut types to choose from when selecting a card shredder; strip-cut, cross-cut, micro-cut, and crypto-cut. 

Strip Cut Shredders

These shredders cut paper into long, narrow strips, usually about 1/4 inch wide. Strip-cut shredders are the most basic type of shredder, and offer the lowest level of security. This type of shredder is suitable for shredding non-sensitive documents such as junk mail and old newspapers. 

Strip cut shredders are not recommended for those looking to destroy credit or debit cards, as well as any other forms of confidential or sensitive information. 

Cross Cut Shredders

Cross-cut shredders (also sometimes referred to as confetti-cut shredders) cut material into small rectangular or diamond-shaped pieces, typically ranging from 1/8 inch to 1/2 inch in size. Cross-cut shredders offer a higher level of security than strip-cut shredders, and are suitable for shredding sensitive documents such as financial statements and medical records, as its shred residue is much harder to assemble than strip-cut material.

Micro Cut Shredders

Micro-cut shredders cut paper into tiny particles, usually less than 1/8 inch in size. Micro-cut shredders offer the highest level of security, and are suitable for shredding highly sensitive documents such as classified information and confidential financial data.

Industrial Shredders

These kinds of shredders turn material into a dust-like substance, making re-assembling its pieces impossible. These shredders are known as having the highest level of security, and are often used in governmental settings where the data being destroyed is highly classified. These shredders are usually found in industrial settings. 

In addition to shredding credit card data, businesses must also implement other security measures such as encryption, access controls, and regular security assessments to ensure that credit card data is properly protected. Compliance with the PCI DSS is mandatory for businesses that process, store, or transmit credit card data, and failure to comply can result in fines and other penalties.

What are the Benefits of Shredding Credit Cards?

shredded credit cards

Shredding credit cards is an important security measure that helps protect against identity theft and fraud. 

There are numerous benefits to shredding old and out-of-date credit cards, whether you’re a business or consumer.

  • It Protects Against Identity Theft
  • When credit cards are not shredded and disposed of properly, they can be retrieved from the trash, and used by identity thieves to open fraudulent accounts or make unauthorized purchases. Shredding credit cards ensures that sensitive information such as the card number, expiration date, and security code is destroyed, and cannot be used by unauthorized individuals.

  • It Prevents Unauthorized Access
  • Shredding credit cards prevents unauthorized individuals from accessing the sensitive information stored on the card. This is especially important if the card has been lost or stolen, as shredding the card can prevent someone from using it to make purchases, or steal personal information.

  • It Maintains Privacy
  • Shredding credit cards helps maintain privacy by ensuring that sensitive information is not disclosed to others. This is particularly important if the credit card contains personal or confidential information that should not be shared.

  • It Ensures Compliance with Regulations 
  • Shredding credit cards may be required by various regulations and standards, including the PCI DSS, which requires the secure disposal of credit card information to protect against fraud and data breaches.

    Overall, shredding credit cards is a simple, yet effective security measure that helps protect people against identity theft and fraud, maintains privacy, and ensures compliance with regulations.

    Need some advice? Complete our contact us form for product advice or a free quote.

    The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect sensitive credit card information. The PCI DSS requires businesses that process, store, or transmit credit card data to implement specific security measures, including the secure disposal of sensitive data.

    While the PCI DSS does not specify a particular shredder or level of security for shredding credit card data, it does require that businesses use a secure method of disposal that renders the data “unreadable and unusable.”

    Therefore, it is recommended that businesses use a cross-cut or micro-cut shredder with a P-3 or higher rating to comply with PCI DSS requirements.

    What do Shredder Security Ratings Mean?

    Paper shredders are classified using different systems, which vary from country to country.

    In the USA, a P-rating system is often used to distinguish between the different security levels of shredders.  

    This was developed by the National Security Agency (NSA), who had the goal of providing a more standardized system to evaluate how effective different paper shredders are at destroying data.

    The P-rating system is divided into seven levels, from P-1 to P-7, with P-1 being the lowest level of security, and P-7 being the highest. 

    The system is based around the size of the particles produced by an A4 piece of paper going through the shredder. The smaller the final particle size is, the higher the P-rating.

    P-1: Shredders with this rating shred paper into strips of 12mm (0.47 inches). This level of security is suitable for shredding everyday, non-sensitive documents that do not contain confidential information, so you should avoid shredding credit cards with shredders in this category. 

    P-2: Shredders in this category produce thinner strips, usually of around 6mm (0.23 inches). This category of shredder is best suited for home use, and for shredding documents that contain sensitive information such as bank statements, medical records, and credit card receipts. However, it is not advised that shredders with a P-2 rating are used for shredding bank cards. 

    P-3: These kinds of shredders produce particles that are no bigger than 320mm² (0.5 square inches). P-3 shredders can be used to shred highly sensitive information, including legal documents or external financial details from customers, and partners of clients. This could also be used to destroy credit or debit cards. 

    P-4: This kind of shredder produces particles that are usually no larger than 160mm² (0.25 square inches). This security level is ideal for more confidential documents, like tax records, and personal identification documents, and could also be used to effectively destroy credit cards.

    P-5: Shredders with this P-rating turn material into particles that are no larger than 30mm² (0.05 square inches). This level is suitable for shredding documents that contain extremely sensitive information, such as classified documents or explicit, high-level bank reports. 

    P-6: This classification turns documents into smaller particles that are no larger than 10mm² (0.016 square inches). This level is for shredding documents that require the highest level of security, such as government documents and military records.

    P-7: This shredder classification produces the smallest particles possible, that are no larger than 5mm² (0.008 square inches which is the consistency of dust). This level of security is best suited for those that need to destroy top-secret documents, government, and military documents which are highly confidential and potentially dangerous, or highly-influential on a national scale. 

    Realistically, any shredder classified with a security rating of P-3 or above will be adequate for destroying credit cards and other sensitive and/or confidential information of this nature. 

    What are the Different Cut Types of Shredders?

    credit card shredder

     

    There are four different cut types to choose from when selecting a card shredder; strip-cut, cross-cut, micro-cut, and crypto-cut. 

    Strip Cut Shredders

    These shredders cut paper into long, narrow strips, usually about 1/4 inch wide. Strip-cut shredders are the most basic type of shredder, and offer the lowest level of security. This type of shredder is suitable for shredding non-sensitive documents such as junk mail and old newspapers. 

    Strip cut shredders are not recommended for those looking to destroy credit or debit cards, as well as any other forms of confidential or sensitive information. 

    Cross Cut Shredders

    Cross-cut shredders (also sometimes referred to as confetti-cut shredders) cut material into small rectangular or diamond-shaped pieces, typically ranging from 1/8 inch to 1/2 inch in size. Cross-cut shredders offer a higher level of security than strip-cut shredders, and are suitable for shredding sensitive documents such as financial statements and medical records, as its shred residue is much harder to assemble than strip-cut material.

    Micro Cut Shredders

    Micro-cut shredders cut paper into tiny particles, usually less than 1/8 inch in size. Micro-cut shredders offer the highest level of security, and are suitable for shredding highly sensitive documents such as classified information and confidential financial data.

    Industrial Shredders

    These kinds of shredders turn material into a dust-like substance, making re-assembling its pieces impossible. These shredders are known as having the highest level of security, and are often used in governmental settings where the data being destroyed is highly classified. These shredders are usually found in industrial settings. 

    In addition to shredding credit card data, businesses must also implement other security measures such as encryption, access controls, and regular security assessments to ensure that credit card data is properly protected. Compliance with the PCI DSS is mandatory for businesses that process, store, or transmit credit card data, and failure to comply can result in fines and other penalties.

    What are the Benefits of Shredding Credit Cards?

    shredded credit cards

    Shredding credit cards is an important security measure that helps protect against identity theft and fraud. 

    There are numerous benefits to shredding old and out-of-date credit cards, whether you’re a business or consumer.

  • It Protects Against Identity Theft
  • When credit cards are not shredded and disposed of properly, they can be retrieved from the trash, and used by identity thieves to open fraudulent accounts or make unauthorized purchases. Shredding credit cards ensures that sensitive information such as the card number, expiration date, and security code is destroyed, and cannot be used by unauthorized individuals.

  • It Prevents Unauthorized Access
  • Shredding credit cards prevents unauthorized individuals from accessing the sensitive information stored on the card. This is especially important if the card has been lost or stolen, as shredding the card can prevent someone from using it to make purchases, or steal personal information.

  • It Maintains Privacy
  • Shredding credit cards helps maintain privacy by ensuring that sensitive information is not disclosed to others. This is particularly important if the credit card contains personal or confidential information that should not be shared.

  • It Ensures Compliance with Regulations 
  • Shredding credit cards may be required by various regulations and standards, including the PCI DSS, which requires the secure disposal of credit card information to protect against fraud and data breaches.

    Overall, shredding credit cards is a simple, yet effective security measure that helps protect people against identity theft and fraud, maintains privacy, and ensures compliance with regulations.

    Need some advice? Complete our contact us form for product advice or a free quote.

     

     

    Related articles