Cardholder Activated Terminal or CAT and PCI Compliance FAQ

By | December 24, 2025
Cardholder Activated Terminal Mastercard

Last Updated on December 24, 2025 by Craig Allen Keefner

Cardholder Activated Terminal FAQ

There are two primary classifications of Point of Sale Terminal Types: Attended and Unattended Payment Terminals are classified into two major types, depending on the situation:

  1. Attended Terminals
    1. A POS Transaction occurring at an attended POS Terminal is a face-to-face Transaction, since a Sales Person or Representative is present at the time of the Transaction.
  2. Unattended Terminals or Cardholder Activated Terminals (CATs)
    1. A POS Transaction occurring at an unat­tended POS Terminal is a non-face-to-face Transaction, as NO Sales Person or Represen­tative is present at the time of the Trans­action. Examples of unattended POS Terminals include ticket dis­pen­sing machines, vending machines, auto­mated fuel dispensers, toll booths, kiosks, and parking meters.

Resource:  we highly recommend UCP Inc. and Rob Chilcoat for detailed questions on CAT terminals. For actual terminals we recommend Ingenico Self Service

Saying Yes to a McDonalds, Costco or a Home Depot

Quasi Classification of “Semi-Attended” — This is a gray area coined by processors in order to permit use of Attended Terminals in an Unattended Mode. Typically this is seen by large corporations (e.g. Home Depot, Costco) where they wish to use the same terminals throughout the business case with the same liability. The processors will “concede” to the use but only with additional stipulations for use. Preconditions for obtaining such a classification by the processor is directly related to leverage the corporation may exert. Small business is not in that position.

CAT Definitions

The generally used CAT definitions for Mastercard for example are for CAT1, CAT2, CAT3, CAT4, CAT6, CAT7 and CAT9

Industry Group Kiosks Digital Signage

CAT Restrictions

CAT PCI Restrictions

CAT PCI Restrictions

Causes of CAT 3 chargeback:

Mastercard guidelines for CAT 3 chargeback:

CAT 3 dispute falls under the “Authorization” category with the chargeback reason code 4808.

The issuer has 90 days to file the dispute and the Merchant has 45 days to respond to the claim in dispute.

Comments

As far as the PCISSC is concerned there is no such thing as “semi-attended.” A device is either an attended device (used with the assistance and under the supervision of a representative of the merchant) or is unattended (cardholder activated and used for self-service). This gray area of “Semi attended” was coined by the processors who allow some merchants to use attended terminals in unattended situations which always comes with stipulations like the terminal must be only accessible during business hours and up to X number of self-checkout stations have to be supervised by an attendant, or you can’t sell alcohol or cigarettes at them. The alcohol stipulation was changed a while back by having the attendant at the self-checkout area check the ID and either swipe a badge or enter a code to allow for the sale of age-restricted products. If a kiosk solution provider wants to do everything aboveboard from a PCISSC perspective they should use unattended devices so that no exceptions ever have to be sought to operate in this semi-attended gray area with their prospective client’s processor. Use case and terminal model to be used are made part of a merchant account application and it is always possible an underwriter who reviews that application for risk might flag an attended device used at a kiosk as unacceptable. Also when it comes to an EMV certification, there is a whole host of tests scrips the person doing the certification has to run through to get an L3 EMV cert with a processor, and when the use case is for self-service there are additional tests cases that have to be run for the L3 EMV cert to cover unattended. It’s all-around best practice to use a device designed for self-service basically.

Resources

 

Author: Craig Allen Keefner

Craig Allen Keefner is an industry analyst, content strategist, and longtime authority on self-service kiosks, digital signage, unattended payment systems, and interactive technology. He manages content and industry strategy for Kiosk Industry and The Industry Group, with a focus on kiosk software, hardware-software integration, accessibility, payment compliance, healthcare kiosks, restaurant self-service, and emerging AI automation. Craig has covered the self-service and kiosk industry since the 1990s, tracking how public-facing terminals move from concept to field deployment. His work combines industry research, vendor analysis, operator conversations, standards tracking, trade show coverage, and practical experience with the real-world constraints of kiosk deployments. https://www.linkedin.com/in/kiosk