IP Based Card Processing Terminals


smcenroe
01-10-2008, 08:57 AM
What is the group's opinion on IP Based Card Processing Terminals (i.e. Verifone Omni 3750) when used completely without a payment application? The device transmits (encrypted) to the card processor for payment authorization and prints a receipt.

Does a merchant using such a process where they never touch card data fall under the umbrella of the DSS from the perspective of having to secure their network to PCI standards?

These would obviously be very small merchants.

mdahn
01-10-2008, 10:20 AM
Certainly because they "store, process, or transmit" cardholder data they are in scope for PCI DSS, but their scope may be very limited. If these terminals do not store the cardholder data and only have dial-out to the acquirer/processor then you can remove the terminal itself from scope of the audit.

You DO need to include any paper files (i.e. printed receipts) within the scope. This means these merchants would need to securely store and properly destroy any paper receipts with the full PAN.

andrewj
01-10-2008, 11:58 AM
You can further assist in reinforcing the security of the device by ensuring that it is compliant with the MasterCard PTS requirements, which are designed to address exactly this sort of situation (IP connected stand-alone terminal).

You can find details on the PTS requirements here:

http://www.mastercard.com/us/merchant/security/what_can_do/pts_program.html

With a list of currently compliant terminals here (this is slightly out of date - there is at least one additional platform that has been approved that is not on this list):

http://www.mastercard.com/us/wce/PDF/TAL-Entire_Manual.pdf

And the program manual here:

http://www.mastercard.com/us/wce/PDF/21466_TPM_Entire_Manual.pdf