Signature Capture?


PMiller
04-18-2008, 09:54 AM
I have been looking around to see if there are any requirements that must be met to store signatures. I have not seen anything pertaining to the signature in PCI or PABP.

Am I missing something?

jbhall56
04-19-2008, 05:23 AM
You are correct, there is nothing in the PCI DSS, PABP or PA-DSS regarding signatures. The reason is that a signature is NOT cardholder data as defined by the PCI SSC. A signature is added to a card by the cardholder and is therefore not controlled by the card brands.

However, whether or not it's in the PCI DSS should not be a concern. This is what I like to call one of those "do the right thing" moments. Given the sensitive nature of a person's signature, you should do whatever it takes to protect this information by encrypting it, restricting who can decrypt the signature, and whatever else you deem necessary to protect it.

The last thing that your organization wants to see is its name in the newspapers saying that because it wasn't in some regulation/requirement, you decided not to protect it and it was leaked because of that decision.
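The advice above boils down to two controls: keep the captured signature encrypted at rest, and let only a named set of roles decrypt it. The following Go program is an added illustration of that pattern and is not code from this thread or from any PCI document. It assumes a single AES-256-GCM key supplied by the caller (in practice it would come from a KMS or HSM), a hypothetical `SignatureVault` type with `Store` and `Retrieve` methods, role names such as `chargeback-analyst` and `cashier` that are made up for the demo, and a constructed byte string standing in for the signature image. The transaction ID is bound into the ciphertext as additional authenticated data, so a stored signature cannot be silently re-attached to a different transaction.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrNotAuthorized is returned when the caller's role is not on the decrypt allow-list.
var ErrNotAuthorized = errors.New("role not permitted to decrypt signatures")

// StoredSignature is what goes to disk or the database: nonce and ciphertext only,
// never the captured signature image itself.
type StoredSignature struct {
	TransactionID string
	Nonce         []byte
	Ciphertext    []byte // AES-GCM output with the authentication tag appended
}

// SignatureVault wraps one AES-256-GCM key and the set of roles allowed to decrypt.
// Hypothetical type for this example; in production the key would come from a KMS/HSM.
type SignatureVault struct {
	aead         cipher.AEAD
	allowedRoles map[string]bool
}

// NewSignatureVault builds a vault from a 32-byte key and the roles allowed to decrypt.
func NewSignatureVault(key []byte, allowedRoles []string) (*SignatureVault, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	roles := make(map[string]bool, len(allowedRoles))
	for _, r := range allowedRoles {
		roles[r] = true
	}
	return &SignatureVault{aead: aead, allowedRoles: roles}, nil
}

// Store encrypts a captured signature under a fresh random nonce. The transaction ID
// is passed as additional authenticated data, so the ciphertext is tied to that transaction.
func (v *SignatureVault) Store(txID string, signatureImage []byte) (StoredSignature, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredSignature{}, err
	}
	ct := v.aead.Seal(nil, nonce, signatureImage, []byte(txID))
	return StoredSignature{TransactionID: txID, Nonce: nonce, Ciphertext: ct}, nil
}

// Retrieve decrypts only for an allowed role, and only if the record is untampered
// and still bound to the transaction ID it was stored under.
func (v *SignatureVault) Retrieve(role string, rec StoredSignature) ([]byte, error) {
	if !v.allowedRoles[role] {
		return nil, ErrNotAuthorized
	}
	pt, err := v.aead.Open(nil, rec.Nonce, rec.Ciphertext, []byte(rec.TransactionID))
	if err != nil {
		return nil, errors.New("record rejected: ciphertext altered or transaction ID mismatch")
	}
	return pt, nil
}

func main() {
	// Constructed demo key; a real deployment fetches it from a KMS/HSM and never hard-codes it.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	vault, err := NewSignatureVault(key, []string{"chargeback-analyst"})
	if err != nil {
		panic(err)
	}
	// Constructed stand-in for the captured signature image bytes.
	rec, _ := vault.Store("TXN-0001", []byte("<signature image bytes>"))
	fmt.Printf("stored %d ciphertext bytes for %s\n", len(rec.Ciphertext), rec.TransactionID)

	if _, err := vault.Retrieve("cashier", rec); err != nil {
		fmt.Println("cashier:", err)
	}
	if pt, err := vault.Retrieve("chargeback-analyst", rec); err == nil {
		fmt.Println("analyst recovered", len(pt), "plaintext bytes")
	}
}
```

The role check lives in front of the decrypt call rather than in the database layer, so a SQL read of the table yields nothing usable without the key, and the key is only ever exercised on behalf of an allowed role. Pairing this with an audit log of each `Retrieve` call gives the "restrict who can decrypt" control the post asks for.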

PMiller
04-21-2008, 05:58 AM
I agree; we are already going to encrypt the data. I was just making sure that I didn't miss anything, since I haven't seen anything pertaining to the signature.

Thanks for the clarification.