3.2 PCI DSS (v3.2.1)
Compliance Standard: PCI DSS
Compliance Version: (v3.2.1)
Control ID: 3.2
Requirement 3: Protect stored cardholder data (v3.2.1)
Do not store sensitive authentication data after authorization (even if encrypted). If sensitive authentication data is received, render all data unrecoverable upon completion of the authorization process.
It is permissible for issuers and companies that support issuing services to store sensitive authentication data if:
• There is a business justification and
• The data is stored securely.
Sensitive authentication data includes the data as cited in the following Requirements 3.2.1 through 3.2.3: