PCI Data Security Standard affects a decidedly more “low-tech” form of cardholder data — hardcopy transactions. Many transactions continue to be conducted by fax and mail. Many orders still flow through this payment channel and must be secured, handled in compliance with the PCI DSS, and assessed as in scope. QSA’s View on PCI Compliance for Mail Orders: “Hardcopy transactions” is far more complicated than the PCI Data Standard. While there are fewer requirements to comply with a hardcopy-only media, there are still plenty of room for compliance.”]
Source: https://www.cuinfosecurity.com/blogs/qsas-view-on-pci-compliance-for-mail-orders-p-656