What is the purpose of restricting physical access to cardholder data?

Restricting physical access to cardholder data focuses on preventing unauthorized people from viewing, copying, altering, or stealing sensitive information by controlling who can physically reach the systems and media where that data resides. By locking away servers, backups, printers, and other media, using badge access, surveillance, tamper-evident seals, and proper disposal, you reduce the risk of insider threats, tampering, or theft that could expose data. This protection of confidentiality and data integrity is a core aim when handling cardholder information, aligning with standards like PCI DSS that mandate strong physical security around the cardholder data environment. The other options don’t address this risk: improving performance, limiting storage capacity, or making sharing easier are not the reasons for enforcing physical access controls, and in some cases such controls would impede sharing.