top of page
< Back

3.2.1 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID




Requirement 3: Protect stored cardholder data


Do not store the full contents of any track (from the magnetic stripe located on the back of a card, equivalent data contained on a chip, or elsewhere) after authorization. This data is alternatively called full track, track, track 1, track 2, and magnetic-stripe data.

Note: In the normal course of business, the following data elements from the magnetic stripe may need to be retained:
• The cardholder’s name
• Primary account number (PAN)
• Expiration date
• Service code
To minimize risk, store only these data elements as needed for business.

bottom of page