Every payment device,
tracked and provable.
Meet PCI DSS Requirement 9 with confidence. Tag every card terminal and PED with a tamper-evident QR code, enforce scheduled check-ins, and keep an immutable audit trail your assessor can't argue with.
Ingenico Move/5000
Used by retailers, hospitality groups & payment operators
A device inventory that holds up under assessment.
PCI DSS requires you to maintain an accurate inventory of every card-reading device, monitor it for tampering, and periodically verify each one is where it should be. A spreadsheet of serial numbers won't survive a QSA's questions. QR-Inventory turns each PED into a self-documenting record — scanned, checked and sealed.
A complete, current device register
Every POS terminal, card reader and PIN-entry device in one authoritative list — model, serial, firmware, location and custodian. Each device carries a unique tamper-evident QR tag, so identifying and verifying one takes a single scan, not a stock-take.
Evidence of monitoring, not just intent
Scheduled check-ins prove devices are inspected on a defined cadence. Every scan, seal-check, move and repair is written to an immutable log — so when an assessor asks "show me", you produce a dated history instead of a promise.
Everything you need for payment-device compliance.
Device inventory management
POS terminals, card readers and PIN-entry devices, each with a unique tamper-evident QR tag for instant identification.
Scheduled check-ins
Weekly or monthly verification reminders confirm each device is present, sealed and operational — on a cadence you set.
Immutable audit trail
Every location, check-in, repair and status change is appended and time-stamped — ready for any PCI DSS assessment.
Device lifecycle tracking
Record when devices are deployed, sent for authorised repair, swapped or decommissioned — a complete chain of custody.
Tamper-evident security
Metalised, tamper-evident QR labels leave clear visual evidence of any attempt to remove or alter the seal.
Compliance reporting
Device inventories, check-in compliance rates and full audit trails, exported in the formats your assessor expects.
Mapped to PCI DSS Requirement 9.5.1.
PCI DSS v4.0.1 is specific about how point-of-interaction (POI) devices that capture card data via direct physical interaction must be inventoried, inspected and protected. Here's where QR-Inventory does the heavy lifting.
Protect POI devices
POI devices that capture payment card data are protected from tampering and unauthorised substitution, with evidence captured whenever a device changes.
Up-to-date device list
Maintain a current inventory of every POI device — make and model, location, and serial number or other unique identifier — kept accurate as devices are added, moved or retired.
Periodic inspections
Surfaces of POI devices are inspected periodically to detect tampering and substitution, at a frequency defined by a targeted risk analysis performed under Requirement 12.3.1.
Staff training
Personnel in POI environments are trained to be aware of attempted tampering or replacement, with clear procedures and an auditable record of device checks.
Requirement references are indicative and provided for guidance. Your PCI DSS scope and validation should be confirmed with your QSA or acquiring bank.
If a seal is broken, you'll know.
Our metalised QR labels are engineered to fracture on removal, leaving unmistakable visual evidence of tampering. Bound to the device record, each tag turns a routine scan into a documented integrity check.
- Visible, irreversible evidence of seal removal
- Each tag uniquely bound to one device record
- Seal status captured at every check-in scan
- Alerts raised the moment a tamper is reported
Compliance that deploys in an afternoon.
Built for teams who need to be audit-ready quickly — and stay that way as they scale.
Instant implementation
Apply the tags, register the devices, start tracking. No heavy rollout required.
Mobile-first check-ins
Staff scan with any phone or tablet — no dedicated hardware to buy or maintain.
Cloud-based platform
Reach your device inventory from anywhere, with continuous backups built in.
Scales 10 to 10,000
From a single store to a national estate — one register, consistent controls.
Expert support
A team that understands PCI DSS and can configure check-ins to your scope.
UK data residency
Compliance data hosted in the UK and processed in line with UK GDPR.
Audit-ready in four steps.
Scope
Book a scoping call. We map your device estate and configure your account to your PCI DSS requirements.
Tag & register
Apply tamper-evident QR tags to each device and register its model, serial and location in the system.
Configure check-ins
Set the cadence — weekly or monthly — for staff to scan, verify presence and confirm the seal is intact.
Monitor & report
Track check-in rates, catch exceptions early, and export audit-ready evidence whenever you need it.
Make PCI DSS device tracking a non-event.
See how QR-Inventory keeps every payment terminal inventoried, monitored and provable — in a 30-minute scoping call with our team.