PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum  

Go Back   PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum > Payment Card Industry Data Security Standard Frequently Asked Questions (PCI DSS FAQ) > Protect Cardholder Data > [PCI-DSS] Requirement 3: Protect stored cardholder data
Reload this Page [PCI-DSS] 3.2.3 Do not store the personal identification number (PIN) or the encrypted PIN block.
Register FAQ Calendar Search Today's Posts Mark Forums Read

[PCI-DSS] Requirement 3: Protect stored cardholder data Encryption is a critical component of cardholder data protection. If an intruder circumvents other network security controls and gains access to encrypted data, without the proper cryptographic keys, the data is unreadable and unusable to that person. Other effective methods of protecting stored data should be considered as potential risk mitigation opportunities. For example, methods for minimizing risk include not storing cardholder data unless absolutely necessary, truncating cardholder data if full PAN is not needed, and not sending PAN in unencrypted e-mails.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 03-18-2007, 02:53 AM
admin's Avatar
admin admin is offline
Administrator
  
Join Date: Jul 2002
Posts: 229
Default [PCI-DSS] 3.2.3 Do not store the personal identification number (PIN) or the encrypted PIN block.
[PCI-DSS] 3.2.3 Do not store the personal identification number (PIN) or the encrypted PIN block.

3.2.3 For a sample of system components, examine the following and verify that PINs and encrypted PIN blocks are not stored under any circumstance:
  • Incoming transaction data
  • All logs (for example, transaction, history, debugging, error)
  • History files
  • Trace files
  • Several database schemas
  • Database contents
Reply With Quote
Reply

Bookmarks
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[PA-DSS] 1.1.5 Securely delete any sensitive authentication data (pre-authorization data) used for debugging or troubleshooting purposes from log files, debugging files, and other data sources received from customers, to ensure that magnetic stripe data, card validation codes or values, and PINS or PIN block data are not stored on software vendor systems. These data sources must be collected in limited amounts and only when necessary to resolve a problem, encrypted while stored, and deleted immediately after use admin [PA-DSS] 1. Do not retain full magnetic stripe, card validation code or value (CAV2, CID, CVC2, CVV 0 03-18-2007 02:42 AM
[PA-DSS] 1.1.3 After authorization, do not store the personal identification number (PIN) or the encrypted PIN block admin [PA-DSS] 1. Do not retain full magnetic stripe, card validation code or value (CAV2, CID, CVC2, CVV 0 03-18-2007 02:41 AM
[PA-DSS] 1.1.1 After authorization, do not store the full contents of any track from the magnetic stripe (that is on the back of a card, in a chip or elsewhere). This data is alternatively called full track, track, track 1, track 2, and magnetic stripe data admin [PA-DSS] 1. Do not retain full magnetic stripe, card validation code or value (CAV2, CID, CVC2, CVV 0 03-18-2007 02:40 AM


All times are GMT -4. The time now is 04:13 AM.

Contact Us - PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum - Archive - Top

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest ©1997 - 2010 by PCIDSSFAQ.ORG, except where noted otherwise.
Powered by vBulletin, Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
PCI-DSS Forum  |  PA-DSS Forum